Virus outerinfo, vundo...

Zstine

Hello, I have some problems with outerinfo popups and many trojans detected (for example: vundo) by my antivirus Antivir. I have run several scans in vain; it is impossible to remove them.
If you could tell me the steps to follow to remove everything.
Thank you in advance.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:19, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\??pPatch\d?xplore.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asrock.com/support/index_BIOS.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [play01basebeep] C:\Documents and Settings\All Users\Application Data\Program Software Play 01\Ooze Download.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [509a1a2d] rundll32.exe "C:\WINDOWS\system32\oxtmlehb.dll",b
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\GUY\Local Settings\Temporary Internet Files\Content.IE5\NI073X0P\setup_sbd_fr[1].exe
O4 - HKLM\..\Run: [Sys3.exe] C:\Windows\Sys3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [joysite] C:\DOCUME~1\GUY\APPLIC~1\BLEHCH~1\defy flap 4.exe
O4 - HKCU\..\Run: [Ebtc] "C:\PROGRA~1\YSTEM~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Rvhyc] "C:\Documents and Settings\GUY\Mes documents\?icrosoft.NET\l?ass.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [Sys3.exe] C:\Windows\Sys3.exe
O4 - HKCU\..\Run: [Sys1.exe] C:\Windows\Sys1.exe
O4 - HKCU\..\Run: [Mqgolmr] C:\WINDOWS\system32\??pPatch\d?xplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {030F82CB-EFFB-646E-A920-9323E9DD6F6A} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {2A5E9131-DAB4-C77B-6301-75289DDA0473} - http://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
O16 - DPF: {37753D69-C378-1F1E-0FC1-DA71AC179916} - http://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
O16 - DPF: {37F2F58D-F05F-249C-2BEB-A70FAF0F848D} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6AE11650-0BA9-4030-86C2-4F92B20033F6} - http://scanner-xpertantivirus.com/setup/setup.cab
O16 - DPF: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - http://scanner.vav-scan.com/setup/setup.cab
O16 - DPF: {7937597B-0FF3-D542-A260-CE0148E01038} - http://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {93BCB745-5031-BE3C-C944-F57B43C0A24D} - http://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {A607A042-119E-CABA-D24C-ED27179B6A1D} - http://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
O16 - DPF: {A8E3068A-AC3A-A082-01BF-7A8823E84773} - http://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {AF3C507E-8445-90CD-D122-93611D9DF0CA} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - http://scanner.msscanner.com/setup/setup.cab
O16 - DPF: {C5706F4D-FBDD-0EAF-73A2-6EB72C8BF36E} - http://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
O16 - DPF: {E27AFA80-A9FE-4381-9C06-3CC017391DC9} - http://scanner-pwrantivirus.com/setup/setup.cab
O16 - DPF: {E6AE4637-58DD-4135-9E9A-9A2E613A4D79} - http://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O20 - AppInit_DLLs: yspehk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

10 replies

Anonymous user

Good evening,

There's work to do :)

- Disable your protection software (antivirus, antispyware), then:

- Download ComboFix by sUBs: [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]combofix.exe[/url]
and save it to your desktop and nowhere else!

- Double-click combofix. It will ask you a question; answer with the 1 key and press Enter to confirm.

- Wait until combofix has finished; a report will be created. Post the report.

- Copy/paste a new HijackThis report along with it.

0
Anonymous user

Good evening,

Why combofix?

See you
0
Anonymous user

O4 - HKLM\..\Run: [509a1a2d] rundll32.exe "C:\WINDOWS\system32\oxtmlehb.dll",b for example = vundo

Combofix is a fix I always use for vundo; afterwards I run other fixes to clean up the rest, but CF removes the biggest chunk.

0
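The reply above reads one Run entry by eye and labels it vundo. As an added example (not part of any post in this thread and not the helper's own tooling), the sketch below applies that kind of triage to O4 lines copied from the HijackThis report posted in this thread. The four rules and their labels are assumptions chosen for illustration; a flag means "look at this entry", not a verdict.

```python
import ntpath
import re

# O4 (Run key) lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [509a1a2d] rundll32.exe "C:\WINDOWS\system32\oxtmlehb.dll",b
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\GUY\Local Settings\Temporary Internet Files\Content.IE5\NI073X0P\setup_sbd_fr[1].exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ebtc] "C:\PROGRA~1\YSTEM~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Rvhyc] "C:\Documents and Settings\GUY\Mes documents\?icrosoft.NET\l?ass.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
'''

# Line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 given a full path to a DLL directly inside system32, followed by an export name.
RUNDLL_SYS32 = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?[a-z]:\\windows\\system32\\[^\\",]+\.dll"?,',
    re.IGNORECASE)
HEX_NAME = re.compile(r'[0-9a-f]{8}', re.IGNORECASE)
# Illustrative subset of Windows binaries that normally live in system32 (assumption).
SYSTEM_NAMES = {"regsvr32.exe", "lsass.exe", "svchost.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = r"c:\windows\system32"


def parse_o4(log):
    """Return one dict (hive, name, cmd) per O4 Run line in the log text."""
    return [m.groupdict() for m in map(O4_RUN.match, log.splitlines()) if m]


def program_path(cmd):
    """Extract the program part of a Run command line, quoted or not."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def reasons(entry):
    """Return the list of heuristic labels that apply to one parsed entry."""
    found = []
    path = program_path(entry["cmd"])
    # Shape of the line the helper pointed at: hex value name + rundll32 + system32 DLL.
    if RUNDLL_SYS32.match(entry["cmd"]) and HEX_NAME.fullmatch(entry["name"]):
        found.append("rundll32-system32-dll-hex-name")
    # "?" is not valid in a Windows file name; in the log it stands for a
    # character that could not be displayed, e.g. a look-alike letter.
    if "?" in path:
        found.append("undisplayable-character-in-path")
    if "temporary internet files" in path.lower():
        found.append("runs-from-browser-cache")
    folder, exe = ntpath.split(path)
    if exe.lower() in SYSTEM_NAMES and folder and folder.lower() != SYSTEM32:
        found.append("system-binary-name-outside-system32")
    return found


def triage(log):
    """Map (hive, value name) -> labels, for flagged entries only."""
    flagged = {}
    for entry in parse_o4(log):
        hits = reasons(entry)
        if hits:
            flagged[(entry["hive"], entry["name"])] = hits
    return flagged


if __name__ == "__main__":
    for (hive, name), hits in triage(SAMPLE_LOG).items():
        print(f"{hive} [{name}]: {', '.join(hits)}")
```
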
Zstine
 
HijackThis report as requested:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:30, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asrock.com/support/index_BIOS.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {3DA433B7-6F55-4EC9-866E-4999984F8556} - C:\WINDOWS\system32\sstqr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Rvhyc] "C:\Documents and Settings\GUY\Mes documents\?icrosoft.NET\l?ass.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Mqgolmr] C:\WINDOWS\system32\??pPatch\d?xplore.exe
O4 - HKCU\..\Run: [Sys1.exe] C:\Windows\Sys1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {030F82CB-EFFB-646E-A920-9323E9DD6F6A} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {2A5E9131-DAB4-C77B-6301-75289DDA0473} - http://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
O16 - DPF: {37753D69-C378-1F1E-0FC1-DA71AC179916} - http://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
O16 - DPF: {37F2F58D-F05F-249C-2BEB-A70FAF0F848D} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6AE11650-0BA9-4030-86C2-4F92B20033F6} - http://scanner-xpertantivirus.com/setup/setup.cab
O16 - DPF: {7937597B-0FF3-D542-A260-CE0148E01038} - http://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {93BCB745-5031-BE3C-C944-F57B43C0A24D} - http://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {A607A042-119E-CABA-D24C-ED27179B6A1D} - http://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
O16 - DPF: {A8E3068A-AC3A-A082-01BF-7A8823E84773} - http://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {AF3C507E-8445-90CD-D122-93611D9DF0CA} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - http://scanner.msscanner.com/setup/setup.cab
O16 - DPF: {C5706F4D-FBDD-0EAF-73A2-6EB72C8BF36E} - http://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
O16 - DPF: {E27AFA80-A9FE-4381-9C06-3CC017391DC9} - http://scanner-pwrantivirus.com/setup/setup.cab
O16 - DPF: {E6AE4637-58DD-4135-9E9A-9A2E613A4D79} - http://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O20 - AppInit_DLLs: yspehk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Anonymous user

You didn't run combofix and you didn't post the combofix report, so redoing a HijackThis is strictly useless.

Run combofix as requested and post its report + an HJT report (after having run Combofix).

I'm waiting for your 2 reports.
0
Zstine
 
Yes, sorry, I forgot the combofix report.
Here it is:

c:\documents and settings\GUY\Mes documents\ICROSO~1.NET
c:\program files\AVM
c:\program files\AVM\avm.ooo
c:\program files\AVM\avm0.dat
c:\program files\AVM\avm1.dat
c:\program files\Insider
c:\program files\Temporary
c:\program files\ystem~1
c:\program files\ystem~1\?ystem\
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\b147.exe
c:\windows\BM53a929b1.txt
c:\windows\BM53a929b1.xml
c:\windows\Downloaded Program Files\setup.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M0907NetInstaller.exe
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M2910NetInstaller.exe
c:\windows\Downloaded Program Files\UGDCFR_0001_N122M1912NetInstaller.exe
c:\windows\Downloaded Program Files\UGDCFR_0001_N129M2006NetInstaller.exe
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.exe
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.exe
c:\windows\IE4 Error Log.txt
c:\windows\pskt.ini
c:\windows\racle~1
c:\windows\system32\bhelmtxo.ini
c:\windows\system32\ccbeg.ini
c:\windows\system32\ccbeg.ini2
c:\windows\system32\fxmuydqb.ini
c:\windows\system32\gebcc.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\nGpxx01
c:\windows\system32\ofilhyfp.ini
c:\windows\system32\ppatch~1
c:\windows\system32\ppatch~1\d?xplore.exe
c:\windows\system32\rqtss.ini
c:\windows\system32\rqtss.ini2
c:\windows\system32\snfvckjg.ini
c:\windows\system32\uaobrepi.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 22:02 . 2008-11-10 22:02 <REP> d-------- c:\program files\Trend Micro
2008-11-01 15:27 . 2008-11-01 15:27 <REP> d-------- c:\windows\system32\fr-fr
2008-10-27 19:58 . 2008-10-27 20:15 <REP> d-------- C:\DVDVideoSoft
2008-10-27 19:20 . 2008-10-27 19:21 <REP> d-------- c:\program files\Fichiers communs\DVDVideoSoft
2008-10-27 19:20 . 2008-10-27 19:20 <REP> d-------- c:\program files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 21:27 --------- d-----w c:\program files\Wanadoo
2008-11-04 14:11 --------- d-----w c:\program files\OINAnalytics
2008-10-28 14:24 --------- d-----w c:\program files\The Cleaner Free
2008-10-24 21:32 --------- d-----w c:\documents and settings\GUY\Application Data\vlc
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DA433B7-6F55-4EC9-866E-4999984F8556}]
2008-02-07 10:05 334336 --------- c:\windows\system32\sstqr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rvhyc"="c:\documents and settings\GUY\Mes documents\?icrosoft.NET\l?ass.exe" [?]
"Mqgolmr"="c:\windows\system32\??pPatch\d?xplore.exe" [?]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-05-26 1506544]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yspehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=

S3 snpstd2;Trust WB-3400T Webcam;c:\windows\system32\DRIVERS\snpstd2.sys [2004-10-14 347264]
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\AB1CF26F910B6C77.job
- c:\docume~1\guy\applic~1\blehch~1\NURB LOCKS MAGS.exe []

2008-11-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 15:07]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{40719449-714E-4176-B78C-4E84FE66E2A8} - (no file)
BHO-{5E9402B7-FFCA-4D0B-8469-5AC6A2ED8971} - (no file)
BHO-{64331580-39C8-4F2B-AF1A-0E95F92C7B30} - c:\windows\system32\gebcc.dll
BHO-{6B01F76B-1427-4922-8F21-C7E54FD4CE3C} - (no file)
BHO-{6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
BHO-{7F175450-3824-490B-9141-4EF6ADF6C5CD} - c:\windows\system32\ddcCVLDu.dll
BHO-{8132B9C9-43F9-42FA-B237-BBD25DC8FC79} - (no file)
BHO-{8549A56D-6FCB-44E5-982B-87D78AA55F9A} - (no file)
BHO-{927CCD67-1AFB-4026-9430-2A037632E606} - (no file)
BHO-{9567e3bd-7f87-4a5f-adfb-5dbd27e9cf52} - c:\windows\system32\yspehk.dll
BHO-{98663E21-9CCE-4CF6-863C-911A9523A66F} - (no file)
BHO-{C7370B7A-5342-433A-B009-ABD9FB245115} - (no file)
BHO-{C7BB41C3-A590-4DD5-9680-AC3A5C6C4954} - (no file)
BHO-{D86EE54F-56F6-0E5D-AA3D-7EA297B44C95} - c:\windows\system32\brdrymy.dll
HKCU-Run-joysite - c:\docume~1\GUY\APPLIC~1\BLEHCH~1\defy flap 4.exe
HKCU-Run-Ebtc - c:\progra~1\YSTEM~1\regsvr32.exe
HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-Run-Sys3.exe - c:\windows\Sys3.exe
HKCU-Run-Sys1.exe - c:\windows\Sys1.exe
HKLM-Run-play01basebeep - c:\documents and settings\All Users\Application Data\Program Software Play 01\Ooze Download.exe
HKLM-Run-509a1a2d - c:\windows\system32\oxtmlehb.dll
HKLM-Run-Sys3.exe - c:\windows\Sys3.exe
HKLM-Run-Device Detector - DevDetect.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-VTTimer - VTTimer.exe
ShellExecuteHooks-{7F175450-3824-490B-9141-4EF6ADF6C5CD} - c:\windows\system32\ddcCVLDu.dll
Notify-ddcCVLDu - ddcCVLDu.dll
Notify-urqoljj - urqoljj.dll


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.asrock.com/support/index_BIOS.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {030F82CB-EFFB-646E-A920-9323E9DD6F6A} - hxxp://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
c:\windows\Downloaded Program Files\UGDCFR_0001_N122M1912NetInstaller.inf
c:\windows\Downloaded Program Files\UGDCFR_0001_N122M1912NetInstaller.exe

O16 -: {2A5E9131-DAB4-C77B-6301-75289DDA0473} - hxxp://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.exe

O16 -: {37753D69-C378-1F1E-0FC1-DA71AC179916} - hxxp://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.inf
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe

O16 -: {37F2F58D-F05F-249C-2BEB-A70FAF0F848D} - hxxp://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.exe

O16 -: {6AE11650-0BA9-4030-86C2-4F92B20033F6} - hxxp://scanner-xpertantivirus.com/setup/setup.cab
c:\windows\Downloaded Program Files\CONFLICT.3\setup.inf
c:\windows\Downloaded Program Files\CONFLICT.3\setup.dll

O16 -: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61}

O16 -: {7937597B-0FF3-D542-A260-CE0148E01038} - hxxp://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.1\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.1\UGESV_0001_N122M0303NetInstaller.exe

O16 -: {93BCB745-5031-BE3C-C944-F57B43C0A24D} - hxxp://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.exe

O16 -: {A607A042-119E-CABA-D24C-ED27179B6A1D} - hxxp://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.exe

O16 -: {A8E3068A-AC3A-A082-01BF-7A8823E84773} - hxxp://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.2\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.2\UGESV_0001_N122M0303NetInstaller.exe

O16 -: {AF3C507E-8445-90CD-D122-93611D9DF0CA} - hxxp://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.exe

O16 -: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - hxxp://scanner.msscanner.com/setup/setup.cab
c:\windows\Downloaded Program Files\CONFLICT.1\setup.inf
c:\windows\Downloaded Program Files\CONFLICT.1\setup.dll

O16 -: {C5706F4D-FBDD-0EAF-73A2-6EB72C8BF36E} - hxxp://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.inf
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe

O16 -: {E27AFA80-A9FE-4381-9C06-3CC017391DC9} - hxxp://scanner-pwrantivirus.com/setup/setup.cab
c:\windows\Downloaded Program Files\CONFLICT.2\setup.inf
c:\windows\Downloaded Program Files\CONFLICT.2\setup.dll

O16 -: {E6AE4637-58DD-4135-9E9A-9A2E613A4D79} - hxxp://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 22:25:50
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Fichiers communs\ACD Systems\FR\DevDetect.exe
c:\windows\system32\rundll32.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.5.0_10\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 22:31:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-10 21:31:19

Avant-CF: 12 842 024 960 octets libres
Après-CF: 12,865,286,144 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

232
0

Anonymous user
 
Your report is incomplete; repost it by selecting the entire contents of the Notepad file that contains the report.

0
Zstine
 
ComboFix 08-11-09.04 - GUY 2008-11-10 22:21:25.1 - NTFSx86
Lancé depuis: c:\documents and settings\GUY\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GUY\Mes documents\ICROSO~1.NET
c:\program files\AVM
c:\program files\AVM\avm.ooo
c:\program files\AVM\avm0.dat
c:\program files\AVM\avm1.dat
c:\program files\Insider
c:\program files\Temporary
c:\program files\ystem~1
c:\program files\ystem~1\?ystem\
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\b147.exe
c:\windows\BM53a929b1.txt
c:\windows\BM53a929b1.xml
c:\windows\Downloaded Program Files\setup.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M0907NetInstaller.exe
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M2910NetInstaller.exe
c:\windows\Downloaded Program Files\UGDCFR_0001_N122M1912NetInstaller.exe
c:\windows\Downloaded Program Files\UGDCFR_0001_N129M2006NetInstaller.exe
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.exe
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.exe
c:\windows\IE4 Error Log.txt
c:\windows\pskt.ini
c:\windows\racle~1
c:\windows\system32\bhelmtxo.ini
c:\windows\system32\ccbeg.ini
c:\windows\system32\ccbeg.ini2
c:\windows\system32\fxmuydqb.ini
c:\windows\system32\gebcc.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\nGpxx01
c:\windows\system32\ofilhyfp.ini
c:\windows\system32\ppatch~1
c:\windows\system32\ppatch~1\d?xplore.exe
c:\windows\system32\rqtss.ini
c:\windows\system32\rqtss.ini2
c:\windows\system32\snfvckjg.ini
c:\windows\system32\uaobrepi.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 22:02 . 2008-11-10 22:02 <REP> d-------- c:\program files\Trend Micro
2008-11-01 15:27 . 2008-11-01 15:27 <REP> d-------- c:\windows\system32\fr-fr
2008-10-27 19:58 . 2008-10-27 20:15 <REP> d-------- C:\DVDVideoSoft
2008-10-27 19:20 . 2008-10-27 19:21 <REP> d-------- c:\program files\Fichiers communs\DVDVideoSoft
2008-10-27 19:20 . 2008-10-27 19:20 <REP> d-------- c:\program files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 21:27 --------- d-----w c:\program files\Wanadoo
2008-11-04 14:11 --------- d-----w c:\program files\OINAnalytics
2008-10-28 14:24 --------- d-----w c:\program files\The Cleaner Free
2008-10-24 21:32 --------- d-----w c:\documents and settings\GUY\Application Data\vlc
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DA433B7-6F55-4EC9-866E-4999984F8556}]
2008-02-07 10:05 334336 --------- c:\windows\system32\sstqr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rvhyc"="c:\documents and settings\GUY\Mes documents\?icrosoft.NET\l?ass.exe" [?]
"Mqgolmr"="c:\windows\system32\??pPatch\d?xplore.exe" [?]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-05-26 1506544]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yspehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=

S3 snpstd2;Trust WB-3400T Webcam;c:\windows\system32\DRIVERS\snpstd2.sys [2004-10-14 347264]
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\AB1CF26F910B6C77.job
- c:\docume~1\guy\applic~1\blehch~1\NURB LOCKS MAGS.exe []

2008-11-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 15:07]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{40719449-714E-4176-B78C-4E84FE66E2A8} - (no file)
BHO-{5E9402B7-FFCA-4D0B-8469-5AC6A2ED8971} - (no file)
BHO-{64331580-39C8-4F2B-AF1A-0E95F92C7B30} - c:\windows\system32\gebcc.dll
BHO-{6B01F76B-1427-4922-8F21-C7E54FD4CE3C} - (no file)
BHO-{6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
BHO-{7F175450-3824-490B-9141-4EF6ADF6C5CD} - c:\windows\system32\ddcCVLDu.dll
BHO-{8132B9C9-43F9-42FA-B237-BBD25DC8FC79} - (no file)
BHO-{8549A56D-6FCB-44E5-982B-87D78AA55F9A} - (no file)
BHO-{927CCD67-1AFB-4026-9430-2A037632E606} - (no file)
BHO-{9567e3bd-7f87-4a5f-adfb-5dbd27e9cf52} - c:\windows\system32\yspehk.dll
BHO-{98663E21-9CCE-4CF6-863C-911A9523A66F} - (no file)
BHO-{C7370B7A-5342-433A-B009-ABD9FB245115} - (no file)
BHO-{C7BB41C3-A590-4DD5-9680-AC3A5C6C4954} - (no file)
BHO-{D86EE54F-56F6-0E5D-AA3D-7EA297B44C95} - c:\windows\system32\brdrymy.dll
HKCU-Run-joysite - c:\docume~1\GUY\APPLIC~1\BLEHCH~1\defy flap 4.exe
HKCU-Run-Ebtc - c:\progra~1\YSTEM~1\regsvr32.exe
HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-Run-Sys3.exe - c:\windows\Sys3.exe
HKCU-Run-Sys1.exe - c:\windows\Sys1.exe
HKLM-Run-play01basebeep - c:\documents and settings\All Users\Application Data\Program Software Play 01\Ooze Download.exe
HKLM-Run-509a1a2d - c:\windows\system32\oxtmlehb.dll
HKLM-Run-Sys3.exe - c:\windows\Sys3.exe
HKLM-Run-Device Detector - DevDetect.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-VTTimer - VTTimer.exe
ShellExecuteHooks-{7F175450-3824-490B-9141-4EF6ADF6C5CD} - c:\windows\system32\ddcCVLDu.dll
Notify-ddcCVLDu - ddcCVLDu.dll
Notify-urqoljj - urqoljj.dll


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.asrock.com/support/index_BIOS.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {030F82CB-EFFB-646E-A920-9323E9DD6F6A} - hxxp://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
c:\windows\Downloaded Program Files\UGDCFR_0001_N122M1912NetInstaller.inf
c:\windows\Downloaded Program Files\UGDCFR_0001_N122M1912NetInstaller.exe

O16 -: {2A5E9131-DAB4-C77B-6301-75289DDA0473} - hxxp://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.exe

O16 -: {37753D69-C378-1F1E-0FC1-DA71AC179916} - hxxp://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.inf
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe

O16 -: {37F2F58D-F05F-249C-2BEB-A70FAF0F848D} - hxxp://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.exe

O16 -: {6AE11650-0BA9-4030-86C2-4F92B20033F6} - hxxp://scanner-xpertantivirus.com/setup/setup.cab
c:\windows\Downloaded Program Files\CONFLICT.3\setup.inf
c:\windows\Downloaded Program Files\CONFLICT.3\setup.dll

O16 -: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61}

O16 -: {7937597B-0FF3-D542-A260-CE0148E01038} - hxxp://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.1\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.1\UGESV_0001_N122M0303NetInstaller.exe

O16 -: {93BCB745-5031-BE3C-C944-F57B43C0A24D} - hxxp://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.exe

O16 -: {A607A042-119E-CABA-D24C-ED27179B6A1D} - hxxp://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.exe

O16 -: {A8E3068A-AC3A-A082-01BF-7A8823E84773} - hxxp://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.2\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.2\UGESV_0001_N122M0303NetInstaller.exe

O16 -: {AF3C507E-8445-90CD-D122-93611D9DF0CA} - hxxp://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.inf
c:\windows\Downloaded Program Files\CONFLICT.1\UGDCFR_0001_N122M1912NetInstaller.exe

O16 -: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - hxxp://scanner.msscanner.com/setup/setup.cab
c:\windows\Downloaded Program Files\CONFLICT.1\setup.inf
c:\windows\Downloaded Program Files\CONFLICT.1\setup.dll

O16 -: {C5706F4D-FBDD-0EAF-73A2-6EB72C8BF36E} - hxxp://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.inf
c:\windows\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe

O16 -: {E27AFA80-A9FE-4381-9C06-3CC017391DC9} - hxxp://scanner-pwrantivirus.com/setup/setup.cab
c:\windows\Downloaded Program Files\CONFLICT.2\setup.inf
c:\windows\Downloaded Program Files\CONFLICT.2\setup.dll

O16 -: {E6AE4637-58DD-4135-9E9A-9A2E613A4D79} - hxxp://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.inf
c:\windows\Downloaded Program Files\UGESV_0001_N122M0303NetInstaller.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 22:25:50
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Fichiers communs\ACD Systems\FR\DevDetect.exe
c:\windows\system32\rundll32.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.5.0_10\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 22:31:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-10 21:31:19

Avant-CF: 12 842 024 960 octets libres
Après-CF: 12,865,286,144 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

232
0
Anonymous user
 
OK,

Now post a HijackThis report, please.

Is the PC doing any better?

0
Zstine
 
Yes, it seems so, thanks a lot for your help :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:06, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asrock.com/support/index_BIOS.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {3DA433B7-6F55-4EC9-866E-4999984F8556} - C:\WINDOWS\system32\sstqr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Rvhyc] "C:\Documents and Settings\GUY\Mes documents\?icrosoft.NET\l?ass.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Mqgolmr] C:\WINDOWS\system32\??pPatch\d?xplore.exe
O4 - HKCU\..\Run: [Sys1.exe] C:\Windows\Sys1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {030F82CB-EFFB-646E-A920-9323E9DD6F6A} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {2A5E9131-DAB4-C77B-6301-75289DDA0473} - http://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
O16 - DPF: {37753D69-C378-1F1E-0FC1-DA71AC179916} - http://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
O16 - DPF: {37F2F58D-F05F-249C-2BEB-A70FAF0F848D} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6AE11650-0BA9-4030-86C2-4F92B20033F6} - http://scanner-xpertantivirus.com/setup/setup.cab
O16 - DPF: {7937597B-0FF3-D542-A260-CE0148E01038} - http://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {93BCB745-5031-BE3C-C944-F57B43C0A24D} - http://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {A607A042-119E-CABA-D24C-ED27179B6A1D} - http://bsa.safetydownload.com/libresystem.com/LibreSystem/setup_fr.cab
O16 - DPF: {A8E3068A-AC3A-A082-01BF-7A8823E84773} - http://download-es.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O16 - DPF: {AF3C507E-8445-90CD-D122-93611D9DF0CA} - http://sec.storageguardsoft.com/defensenetsurfage.com/DefenseNetSurfage/installer_fr.cab
O16 - DPF: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - http://scanner.msscanner.com/setup/setup.cab
O16 - DPF: {C5706F4D-FBDD-0EAF-73A2-6EB72C8BF36E} - http://bsa.safetydownload.com/protectionassuree.com/ProtectionAssuree/install_fr.cab
O16 - DPF: {E27AFA80-A9FE-4381-9C06-3CC017391DC9} - http://scanner-pwrantivirus.com/setup/setup.cab
O16 - DPF: {E6AE4637-58DD-4135-9E9A-9A2E613A4D79} - http://bsa.safetydownload.com/disqudurprotection.com/DisqudurProtection/setup_fr.cab
O20 - AppInit_DLLs: yspehk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Anonymous user
 
- Download MBAM --> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Install it and update it

- Run a full scan in safe mode

- Delete everything that was found (listed in red) -> "suppression de la selection"

- Post the report.

0
Zstine
 
The MBAM scan is in progress.
Are there many more steps after this?
Thanks in advance for the answer.
0
Zstine
 
How do I use safe mode?
0
Anonymous user
 
0
Zstine
 
I ran it without safe mode.
Is that enough?
I don't really dare to tinker, since it's my father's computer.
0
Zstine
 
The MBAM scan is finished; I don't know what to do next.
Can you help me, please?
0
Zstine
 
MBAM scan report:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1380
Windows 5.1.2600 Service Pack 2

10/11/2008 23:37:38
mbam-log-2008-11-10 (23-37-25).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 83670
Temps écoulé: 33 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\sstqr.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3da433b7-6f55-4ec9-866e-4999984f8556} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3da433b7-6f55-4ec9-866e-4999984f8556} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/conflict.1/setup.dll (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3da433b7-6f55-4ec9-866e-4999984f8556} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\setup.dll (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys1.exe (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\OINAnalytics (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\sstqr.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\setup.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{37D91C5C-9AD7-490F-851F-F2459A97AFFE}\RP292\A0071866.dll (Adware.ZenoSearch) -> No action taken.
C:\System Volume Information\_restore{37D91C5C-9AD7-490F-851F-F2459A97AFFE}\RP337\A0084336.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{37D91C5C-9AD7-490F-851F-F2459A97AFFE}\RP343\A0095492.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{37D91C5C-9AD7-490F-851F-F2459A97AFFE}\RP343\A0095493.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\fee9\lenamd83122.exe (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\b147.exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\setup.dll.vir (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\OINAnalytics\installer.dll (Trojan.Agent) -> No action taken.
0
Anonymous user
 
Hi,

You don't have to do it in safe mode.

See you later.
0