Antivirus 2009-mises à jour automatiques

vdmf Messages postés 144 Statut Membre -  
vdmf Messages postés 144 Statut Membre -
Bonjour,
Bonjour - j'ai plusieurs problêmes "antivirus 2009" s'affiche régulièrement sur mon ordi pour que je l'installe , je n'arrive pas à enclencher la mise à jour automatique (poste de travail clic droit etc j'ai aussi tapé executer "service.msc" etc... sans resultats ! )et j'ai un message d'erreur dans la barre des tâches (les mises à jour sont désactivé)j'ai redemarrer mon ordi plusieurs fois pour essayer de l'enclencher .Au demarrage j'ai ce message "exeption processing message c000003 Parameter etc;;;" et après un autre message "erreur de chargement de C:/Windows ...le module specifié est introuvable".je viens de faire une analyse en ligne avec "Bitdefender" qui n'a rien trouvé.merci .
Configuration: Windows XP
Firefox 3.0.3

15 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    ne mets pas antivirus 2009 c'est une arnaque!

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    -1
  2. vdmf Messages postés 144 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 16:31, on 08/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrateur.9C024B2278E9436\Bureau\Eden church.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
    O2 - BHO: (no name) - {0767C3C7-2D59-43B1-B55E-5D60FFBC6B02} - C:\WINDOWS\system32\ljJDSjhG.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {95cb183c-bef8-357a-7cf4-91e130e16f9d} - {d9f61e03-1e19-4fc7-a753-8febc381bc59} - C:\WINDOWS\system32\sbzrpe.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
    O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [dc4dea6b] rundll32.exe "C:\WINDOWS\system32\wpcdmmvk.dll",b
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [TABS] Tabbed Browsing
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1219780699484
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: sbzrpe.dll
    O20 - Winlogon Notify: byXOihGa - byXOihGa.dll (file missing)
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    -1
  3. vdmf Messages postés 144 Statut Membre
     
    Bonsoir. mon problème semble avoir été resolu , les mises à jour automatiques semblent activées. Curieux virus et curieux logiciel qui semble avoir été conçu pour cela...
    Logfile of HijackThis v1.99.1
    Scan saved at 19:29, on 08/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrateur.9C024B2278E9436\Bureau\Eden church.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
    O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [TABS] Tabbed Browsing
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1219780699484
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: krrvpl.dll
    O20 - Winlogon Notify: byXOihGa - byXOihGa.dll (file missing)
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    -1
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. vdmf Messages postés 144 Statut Membre
     
    j'ai maintenant deux mises à jour disponibles pour framework 02 et 03 est ce bien utile de l'instaler pour framework 02 et est ce que je peux d'ésinstaler ce dernier ? merci.
    -1
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport malwarebyte?

    ________________

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    -1
  7. vdmf Messages postés 144 Statut Membre
     
    Bonsoir ! excuse !
    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1242
    Windows 5.1.2600 Service Pack 3

    08/10/2008 19:21:12
    mbam-log-2008-10-08 (19-21-12).txt

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|L:\|)
    Eléments examinés: 114744
    Temps écoulé: 1 hour(s), 20 minute(s), 34 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 24

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ljJDSjhG.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\krrvpl.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54580b07-b0a2-4e94-9976-87a71365712f} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{54580b07-b0a2-4e94-9976-87a71365712f} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd676e3c-4dcc-4985-a674-1ac0ff7e619d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bd676e3c-4dcc-4985-a674-1ac0ff7e619d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dc4dea6b (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjdsjhg -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjdsjhg -> Delete on reboot.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ljJDSjhG.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\GhjSDJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GhjSDJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\krrvpl.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\Documents and Settings\Administrateur.9C024B2278E9436\Local Settings\Temporary Internet Files\Content.IE5\OBRT81RT\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.9C024B2278E9436\Local Settings\Temporary Internet Files\Content.IE5\RFJJ3XY1\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A57213C1-AAB6-42A7-873D-8F091491EAC7}\RP34\A0015850.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A57213C1-AAB6-42A7-873D-8F091491EAC7}\RP34\A0015851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A57213C1-AAB6-42A7-873D-8F091491EAC7}\RP34\A0015852.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A57213C1-AAB6-42A7-873D-8F091491EAC7}\RP34\A0015901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A57213C1-AAB6-42A7-873D-8F091491EAC7}\RP34\A0015902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A57213C1-AAB6-42A7-873D-8F091491EAC7}\RP34\A0015903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A57213C1-AAB6-42A7-873D-8F091491EAC7}\RP34\A0016074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bisbohfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ftbfyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geurntjn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgimmb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mqtqeyig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oqfnue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\puwfdcrb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sbzrpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wcyxyetv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvuRJAtu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.9C024B2278E9436\Local Settings\temp\windfr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    -1
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    fais combofix
    -1
  9. vdmf Messages postés 144 Statut Membre
     
    ComboFix 08-10-08.05 - Administrateur 2008-10-09 23:02:02.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.273 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur.9C024B2278E9436\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .
    /wow section - STAGE 32

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-08 17:43 . 2008-10-08 17:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-08 17:43 . 2008-10-08 17:43 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-10-08 17:43 . 2008-10-08 17:43 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\Malwarebytes
    2008-10-08 17:43 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-08 17:43 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-08 17:42 . 2008-10-08 17:42 1,023,790 ---hs---- C:\WINDOWS\system32\tnfbvoth.ini
    2008-10-08 16:58 . 2008-10-08 16:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-10-08 16:58 . 2008-10-08 16:58 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-10-08 02:17 . 2008-10-08 02:17 1,023,958 ---hs---- C:\WINDOWS\system32\kvmmdcpw.ini
    2008-10-07 22:46 . 2008-10-07 22:46 1,023,958 ---hs---- C:\WINDOWS\system32\rdelnigh.ini
    2008-10-07 21:23 . 2008-10-07 21:23 1,023,958 ---hs---- C:\WINDOWS\system32\pwipuipc.ini
    2008-10-07 20:51 . 2008-10-07 20:52 1,023,958 ---hs---- C:\WINDOWS\system32\fjsxgyev.ini
    2008-10-07 20:50 . 2008-10-07 21:34 135,445 --ahs---- C:\WINDOWS\system32\RAdKkUtv.ini2
    2008-10-07 20:50 . 2008-10-07 21:35 135,445 --ahs---- C:\WINDOWS\system32\RAdKkUtv.ini
    2008-10-07 19:42 . 2008-10-07 19:42 0 --a------ C:\WINDOWS\system32\FOXIT_PDF
    2008-10-06 22:11 . 2008-10-06 22:11 8,791,996 --a------ C:\Documents and Settings\Administrateur_(converted).avi
    2008-10-06 18:34 . 2008-10-06 18:41 <REP> d-------- C:\Program Files\My BootDisk
    2008-10-05 14:49 . 2008-10-05 14:49 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\Canneverbe_Limited
    2008-10-05 13:28 . 2008-10-05 13:28 <REP> d-------- C:\Program Files\MSBuild
    2008-10-05 13:23 . 2008-10-08 20:03 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-10-05 13:22 . 2008-10-05 13:22 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-10-05 13:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-10-05 03:50 . 2008-10-05 03:50 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-10-05 01:58 . 2008-10-05 01:58 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-10-05 01:51 . 2008-10-05 01:28 270,848 --a------ C:\WINDOWS\mscoree.dll
    2008-10-04 18:38 . 2008-10-05 16:14 <REP> d-------- C:\Program Files\Astonsoft
    2008-10-04 18:38 . 2008-10-04 18:45 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\DeepBurner
    2008-10-04 18:20 . 2008-10-04 18:20 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-10-04 14:41 . 2008-10-08 13:51 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-10-03 13:36 . 2008-10-04 19:04 <REP> d-------- C:\Program Files\Spotmau WinCare 2008
    2008-10-03 02:44 . 2008-10-03 02:44 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\Apple Computer
    2008-10-03 02:31 . 2008-10-03 02:31 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-10-03 02:30 . 2008-10-03 02:30 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-03 02:30 . 2008-10-03 02:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
    2008-10-01 19:44 . 2008-10-01 19:50 <REP> d-------- C:\Program Files\Bitcomet Ultra Accelerator
    2008-10-01 16:01 . 2008-10-01 16:02 <REP> d-------- C:\Program Files\BitTorrent
    2008-10-01 16:01 . 2008-10-03 03:53 <REP> d-------- C:\Program Files\BitComet
    2008-10-01 12:30 . 2008-10-01 16:00 <REP> d-------- C:\Program Files\BitComet(2)
    2008-10-01 00:30 . 2008-10-01 00:30 <REP> d-------- C:\DRIVERS
    2008-09-30 22:59 . 2008-10-01 16:59 <REP> d-------- C:\Program Files\Alwil Software
    2008-09-30 18:06 . 2008-10-01 14:10 <REP> d-------- C:\Program Files\ESET
    2008-09-30 04:21 . 2008-09-30 04:21 268 --ah----- C:\sqmdata03.sqm
    2008-09-30 04:21 . 2008-09-30 04:21 244 --ah----- C:\sqmnoopt03.sqm
    2008-09-27 22:08 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-09-27 22:08 . 2003-01-26 12:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
    2008-09-27 17:58 . 2008-09-27 17:59 <REP> d--hs---- C:\Diskeeper
    2008-09-27 14:35 . 2008-09-27 14:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation
    2008-09-26 12:17 . 2008-09-26 12:17 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-09-26 12:15 . 2008-09-26 12:15 <REP> d-------- C:\Program Files\Real
    2008-09-26 12:15 . 2008-09-26 12:17 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-09-25 22:40 . 2008-09-25 23:06 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-09-25 22:40 . 2008-09-25 23:06 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedBit
    2008-09-25 22:39 . 2008-09-25 23:07 <REP> d-------- C:\Program Files\DAP
    2008-09-21 21:48 . 2008-09-21 21:48 235 --a------ C:\ffmpeg_debug.bat
    2008-09-21 21:48 . 2008-09-21 21:48 228 --a------ C:\ffmpeg.bat
    2008-09-21 21:46 . 2008-09-21 21:46 325 --a------ C:\QuEnc.bat
    2008-09-21 00:20 . 2008-09-21 00:20 <REP> d-------- C:\Program Files\P2P_Energy
    2008-09-21 00:20 . 2008-09-21 00:20 <REP> d-------- C:\Program Files\Conduit
    2008-09-20 20:21 . 2008-09-20 20:21 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\Grisoft
    2008-09-20 20:20 . 2008-09-20 20:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2008-09-20 20:20 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-09-19 00:31 . 2008-09-19 00:31 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\Search Settings
    2008-09-18 21:26 . 2008-09-19 21:56 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-18 21:26 . 2008-09-19 21:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-09-18 19:25 . 2008-09-18 19:25 <REP> d-------- C:\Program Files\NCH Software
    2008-09-18 17:23 . 2008-09-18 17:23 <REP> d-------- C:\Program Files\NCH Swift Sound
    2008-09-18 04:30 . 2008-09-18 05:42 <REP> d-------- C:\Program Files\MediaCoder
    2008-09-18 04:20 . 2008-09-18 04:20 <REP> d-------- C:\Program Files\Search Settings
    2008-09-18 04:19 . 1998-06-24 02:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
    2008-09-18 03:25 . 2008-10-03 17:40 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\foobar2000
    2008-09-18 03:24 . 2008-09-18 03:25 <REP> d-------- C:\Program Files\foobar2000
    2008-09-17 17:32 . 2008-09-17 17:33 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-09-17 17:29 . 2008-09-17 17:43 <REP> d-------- C:\Program Files\m4ng
    2008-09-17 13:42 . 2008-09-17 13:43 <REP> d-------- C:\Program Files\Diskeeper Corporation
    2008-09-16 17:44 . 2008-05-09 12:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll
    2008-09-16 17:44 . 2008-05-09 12:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll
    2008-09-16 17:44 . 2008-05-09 12:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
    2008-09-16 17:44 . 2008-05-09 12:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
    2008-09-16 17:44 . 2008-05-08 13:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
    2008-09-16 17:44 . 2008-05-09 10:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
    2008-09-16 17:44 . 2008-05-09 12:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
    2008-09-15 22:01 . 2008-09-15 22:01 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-09-15 22:01 . 2008-09-15 22:01 <REP> d-------- C:\WINDOWS\system32\npp
    2008-09-15 22:01 . 2008-09-15 22:01 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-09-15 21:54 . 2008-09-15 21:54 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-15 21:49 . 2008-09-15 21:55 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-15 21:41 . 2008-09-15 21:55 <REP> d-------- C:\WINDOWS\EHome
    2008-09-15 21:32 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-09-15 21:32 . 2008-04-13 19:34 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-09-14 17:15 . 2008-09-14 17:15 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\vlc
    2008-09-11 21:12 . 2008-09-11 21:12 <REP> dr-h----- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\SecuROM
    2008-09-11 21:08 . 2004-08-30 14:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
    2008-09-11 21:08 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
    2008-09-11 21:08 . 2007-04-12 15:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
    2008-09-11 20:36 . 2008-09-11 20:36 <REP> d-------- C:\Program Files\EA Sports
    2008-09-11 20:34 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-10 16:43 . 2008-09-10 16:43 <REP> d-------- C:\Program Files\Packard Bell
    2008-09-09 08:53 . 2008-09-09 09:03 <REP> d-------- C:\Program Files\SpamPal
    2008-09-09 08:53 . 2008-09-09 08:53 <REP> d-------- C:\Documents and Settings\Administrateur.9C024B2278E9436\Application Data\SpamPal

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -1
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport est incomplet

    met le en plusieurs fois si besoin

    et recolle un rapport hijakhcits et dis tes soucis actuels
    -1
  11. vdmf Messages postés 144 Statut Membre
     
    Tout va bien pour l'instant ! je ne trouve que ce rapport merci de m'avoir aidé ! Bonne soirée !
    -1
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok bonne continuation si besoin tu diras
    -1
  13. vdmf Messages postés 144 Statut Membre
     
    Bon Week-end ! curieux ce MalwareByte's Anti-Malware...
    -1
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    garde le . Vire combofix et hijackthis
    -1
  15. vdmf Messages postés 144 Statut Membre
     
    O.K ! Tchao !
    -1