Rapport TOOLBAR

MIKE123 -  
 MIKE123 -
Bonjour,

Merci d'analyser mon rapport TOOLBAR

-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : acer ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1169 [VPS 081121-0] 4.8.1169 (Activated)
C:\ (Local Disk) - FAT32 - Total:93 Go (Free:71 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (USB) - FAT - Total:255 Mo (Free:0 Go)
F:\ (USB) - FAT - Total:983 Mo (Free:0 Go)
G:\ (USB) - FAT - Total:1927 Mo (Free:0 Go)
H:\ (USB) - FAT32 - Total:982 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 25/08/2008|20:43 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(acer) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q="
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\iSuDNqss.ini
C:\WINDOWS\system32\iSuDNqss.ini2
[b]==> VUNDO <==/b

1 - "C:\ToolBar SD\TB_1.txt" - 25/08/2008|19:14 - Option : [2]
2 - "C:\ToolBar SD\TB_2.txt" - 25/08/2008|20:44 - Option : [1]

-----------\\ Fin du rapport a 20:44:16,85

@+
Configuration: Windows XP
Internet Explorer 6.0

12 réponses

  1. Utilisateur anonyme
     
    Fait un scan avec MalwareBytes' antimalware et poste le rapport généré
    0
    1. MIKE123
       
      Salut

      Comment faire le scan malwarebytes
      0
      1. archet9 > MIKE123
         
        bonsoir

        Telecharge malwarebytes + tutoriel :

        -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

        Tu l´installes; le programme va se mettre automatiquement a jour.

        Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

        Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

        Puis click sur "rechercher".

        Laisse le scanner le pc...

        Si des elements on ete trouvés > click sur supprimer la selection.

        si il t´es demandé de redemarrer > click sur "yes".

        A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

        Copie et colle le rapport stp.

        a+
        0
  2. MIKE123
     
    Salut,

    voici le rapport de nettoyage Melwarebytes

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1416
    Windows 5.1.2600 Service Pack 2

    25/08/2008 21:48:41
    mbam-log-2008-08-25 (21-48-41).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 82751
    Temps écoulé: 10 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 26
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 35

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqggvm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WintelUpdate (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore (Trojan.BHO) -> Delete on reboot.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ssqQgGVM.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.
    C:\mxuxc.exe (Trojan.Agent) -> Delete on reboot.
    C:\d1.exe (Trojan.TinyDownloader705) -> Delete on reboot.
    C:\WINDOWS\mrofinu1535.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifefCtS.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tuvWonOF.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ddcCSjKA.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\yayvTjIB.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8NYB814X\1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009115.exe (Adware.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP64\A0009139.old (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP75\A0010868.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\faceback.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\homepage.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo1.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo2.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo3.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo4.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo5.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo6.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif1.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif2.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif3.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> Delete on reboot.
    C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Merci @+
    0
    1. archet9
       
      vas ds malwarebytes et supprime tout ce qui est en quarentaine....
      ensuite:

      >Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
      - Lance le programme, puis sélectionne < do a system scan and save a logfile >
      - Enregistre le rapport sur ton bureau.
      Et envoie, par copier/coller, ton log Hijackthis sur le forum,


      A+

      Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
      0
  3. MIKE123
     
    Merci voici le rapport HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:31:32, on 25/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\GTUV8LYZ\BSG053[1].exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
    C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {37fe9585-95a4-4ce4-9479-843dbd0cb957} - C:\WINDOWS\system32\ssqNDuSi.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C8029E19-0DC6-4573-8C8A-1E390B34AF85}: NameServer = 10.10.1.202 192.168.20.5
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    0
    1. archet9
       
      ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
      http://download.bleepingcomputer.com/sUBs/ComboFix.exe

      /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

      ---> Double-clique sur Combofix.exe
      Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
      Accepte en cliquant sur "Oui"

      ---> Mets-le en langue française F
      Tape sur la touche 1 (Yes) pour démarrer le scan.

      /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

      En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

      Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

      /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

      Note : Le rapport se trouve également là : C:\ComboFix.txt


      A+
      0
  4. MIKE123
     
    MERCI VOICI LE RAPPORT COMBOFIX

    ComboFix 08-11-22.02 - acer 2008-11-22 23:16:05.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.675 [GMT 1:00]
    Lancé depuis: c:\documents and settings\acer\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bcddkdtb.ini
    c:\windows\system32\iSuDNqss.ini
    c:\windows\system32\iSuDNqss.ini2
    c:\windows\system32\sn.txt
    c:\windows\system32\xwoljies.ini
    c:\windows\system32\xxjgjieo.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_hcnwg4u

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans ce laps de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
    2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys
    2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
    2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    2008-07-28 11:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
    "Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-01-21 2889216]
    "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
    "PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2004-08-27 430080]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 c:\windows\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-12-10 c:\windows\ALCWZRD.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys [2008-08-15 75856]
    R2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-15 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2006-11-17 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2006-11-17 78208]
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [1980-01-01 193878]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [1980-01-01 7100]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{37fe9585-95a4-4ce4-9479-843dbd0cb957} - c:\windows\system32\ssqNDuSi.dll
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    HKCU-Run-eRecoveryService - (no file)
    HKLM-Run-eRecoveryService - (no file)

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-22 23:19:22
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(928)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\rsaenh.dll
    c:\windows\system32\gpkcsp.dll
    c:\windows\system32\gpkrsrc.dll

    - - - - - - - > 'lsass.exe'(984)
    c:\windows\system32\msprivs.dll
    c:\windows\system32\rsaenh.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\SYSTEM32\ATI2EVXX.EXE
    c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
    c:\windows\SYSTEM32\SCARDSVR.EXE
    c:\windows\SYSTEM32\ATI2EVXX.EXE
    c:\acer\EMANAGER\ANBMSERV.EXE
    c:\windows\SYSTEM32\RUNDLL32.EXE
    c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-22 23:20:26 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-22 22:20:26

    Avant-CF: 76 418 449 408 octets libres
    Après-CF: 76,416,155,648 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    145 --- E O F --- 2008-08-17 17:27:02

    Merci @+
    0
    1. archet9
       
      la suite demain...suis crevé et plusieurs choses a voir...
      a demain
      0
      1. MIKE123 > archet9
         
        archet9
        Je m'excuse merci pour ta précieuse aide
        @+
        0
      2. archet9 > MIKE123
         
        de rien...
        repasse MBAM en mode sans echec stp:

        Comment aller en Mode sans échec
        1) Redémarre ton ordi
        2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
        3) Tu verras un écran avec options de démarrage apparaître
        4) Choisis la première option : Sans Échec, et valide avec "Entrée"
        a+
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. MIKE123
     
    OK j'ai démarré mon ordinateur en mode sans échec quoi faire maintenant stl?
    0
    1. archet9
       
      le rapport stp...
      0
  7. MIKE123
     
    Il n'y a pas de rapport où peut il se trouver?
    0
    1. archet9
       
      - Une fois redémarré en mode normal double-cliques sur malwarebytes
      - Rends toi dans l'onglet rapport/log
      - Tu cliques dessus pour l'afficher une fois affiché
      - Tu cliques sur édition en haut du boc notes, et puis sur sélectionner tous
      - Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
      - Tu cliques droit dans le cadre de la réponse et coller
      0
  8. MIKE123
     
    OK j'ai compris voici le rapport

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1416
    Windows 5.1.2600 Service Pack 2

    25/08/2008 21:48:41
    mbam-log-2008-08-25 (21-48-41).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 82751
    Temps écoulé: 10 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 26
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 35

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqggvm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WintelUpdate (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore (Trojan.BHO) -> Delete on reboot.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ssqQgGVM.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.
    C:\mxuxc.exe (Trojan.Agent) -> Delete on reboot.
    C:\d1.exe (Trojan.TinyDownloader705) -> Delete on reboot.
    C:\WINDOWS\mrofinu1535.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifefCtS.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tuvWonOF.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ddcCSjKA.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\yayvTjIB.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8NYB814X\1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009115.exe (Adware.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP64\A0009139.old (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP75\A0010868.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\faceback.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\homepage.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo1.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo2.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo3.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo4.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo5.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo6.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif1.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif2.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif3.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> Delete on reboot.
    C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Merci @+
    0
    1. archet9
       
      gros malentendu.....
      tu m as reposté le 1er rapport que tuas fait...

      va en mode sans echec 'comme expliqué + haut et relance mbam...et colle le rapport stp..
      a+
      0
  9. MIKE123
     
    Bonsoir,

    ok j'ai compris voici le rapport mbma mode sans échec

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1416
    Windows 5.1.2600 Service Pack 2

    25/08/2008 21:48:41
    mbam-log-2008-08-25 (21-48-41).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 82751
    Temps écoulé: 10 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 26
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 35

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqggvm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WintelUpdate (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore (Trojan.BHO) -> Delete on reboot.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ssqQgGVM.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.
    C:\mxuxc.exe (Trojan.Agent) -> Delete on reboot.
    C:\d1.exe (Trojan.TinyDownloader705) -> Delete on reboot.
    C:\WINDOWS\mrofinu1535.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifefCtS.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tuvWonOF.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ddcCSjKA.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\yayvTjIB.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8NYB814X\1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009115.exe (Adware.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP64\A0009139.old (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP75\A0010868.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\faceback.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\homepage.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo1.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo2.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo3.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo4.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo5.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promo6.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif1.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif2.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\promogif3.gif (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> Delete on reboot.
    C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Merci @+
    0
    1. archet9
       
      decidemment.....
      ton log date du 25/08
      Malwarebytes' Anti-Malware 1.30
      Version de la base de données: 1416
      Windows 5.1.2600 Service Pack 2

      25/08/2008 21:48:41

      TU REFAIS1 SCAN mbam en mode sans echec...
      a+
      0
  10. MIKE123
     
    ok je viens de refaire le mbma et voici le rapport

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1416
    Windows 5.1.2600 Service Pack 2

    24/11/2008 21:25:28
    mbam-log-2008-11-24 (21-25-28).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 79657
    Temps écoulé: 7 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Merci @+
    0
    1. archet9
       
      ok relance toolbar option 1
      et colle le rapport stp
      a+
      0
  11. MIKE123
     
    SALUT
    résultat rapport toolbar

    -----------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )
    BIOS : Phoenix NoteBIOS 4.0 Release 6.1
    USER : acer ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1169 [VPS 081122-0] 4.8.1169 (Not Activated)
    C:\ (Local Disk) - FAT32 - Total:93 Go (Free:72 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [1] ( 24/11/2008|21:56 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (acer) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://fr.yahoo.com/"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "search page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 25/08/2008|19:14 - Option : [2]
    2 - "C:\ToolBar SD\TB_2.txt" - 25/08/2008|20:44 - Option : [1]
    3 - "C:\ToolBar SD\TB_3.txt" - 24/11/2008|21:56 - Option : [1]

    -----------\\ Fin du rapport a 21:56:58,00

    Merci @+
    0
  12. MIKE123
     
    Bonsoir,

    Merci Archet9 de m'aider à analyser le dernier rapport toolbar

    @+
    0
    1. archet9
       
      donne moi des nouvelles du pc stp....

      a+
      0
  13. MIKE123
     
    Salut,

    mon pc est actuellement plus rapide est-il complètement nettoyé?

    Merci @+
    0