Sujet Précédent Sujet Suivant

Rapport TOOLBAR

Fermé
MIKE123 - 22 nov. 2008 à 20:27
 MIKE123 - 27 nov. 2008 à 19:52
Bonjour,

Merci d'analyser mon rapport TOOLBAR


-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : acer ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1169 [VPS 081121-0] 4.8.1169 (Activated)
C:\ (Local Disk) - FAT32 - Total:93 Go (Free:71 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (USB) - FAT - Total:255 Mo (Free:0 Go)
F:\ (USB) - FAT - Total:983 Mo (Free:0 Go)
G:\ (USB) - FAT - Total:1927 Mo (Free:0 Go)
H:\ (USB) - FAT32 - Total:982 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 25/08/2008|20:43 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(acer) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q="
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\iSuDNqss.ini
C:\WINDOWS\system32\iSuDNqss.ini2
[b]==> VUNDO <==/b




1 - "C:\ToolBar SD\TB_1.txt" - 25/08/2008|19:14 - Option : [2]
2 - "C:\ToolBar SD\TB_2.txt" - 25/08/2008|20:44 - Option : [1]

-----------\\ Fin du rapport a 20:44:16,85

@+

12 réponses

Réponse 1 / 12
Utilisateur anonyme
22 nov. 2008 à 20:29
Fait un scan avec MalwareBytes' antimalware et poste le rapport généré
0
MIKE123
22 nov. 2008 à 20:39
Salut

Comment faire le scan malwarebytes
0
Utilisateur anonyme > MIKE123
22 nov. 2008 à 20:57
bonsoir

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´installes; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

a+
0
Réponse 2 / 12
MIKE123
22 nov. 2008 à 21:39
Salut,

voici le rapport de nettoyage Melwarebytes

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2

25/08/2008 21:48:41
mbam-log-2008-08-25 (21-48-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 82751
Temps écoulé: 10 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 35

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqggvm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WintelUpdate (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ssqQgGVM.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.
C:\mxuxc.exe (Trojan.Agent) -> Delete on reboot.
C:\d1.exe (Trojan.TinyDownloader705) -> Delete on reboot.
C:\WINDOWS\mrofinu1535.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifefCtS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvWonOF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ddcCSjKA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yayvTjIB.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8NYB814X\1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009115.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP64\A0009139.old (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP75\A0010868.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\homepage.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo1.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo2.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo3.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo4.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo5.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo6.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif1.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif2.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif3.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> Delete on reboot.
C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Merci @+
0
Utilisateur anonyme
22 nov. 2008 à 21:55
vas ds malwarebytes et supprime tout ce qui est en quarentaine....
ensuite:

>Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
- Lance le programme, puis sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoie, par copier/coller, ton log Hijackthis sur le forum,


A+

Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
0
Réponse 3 / 12
MIKE123
22 nov. 2008 à 22:13
Merci voici le rapport HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:32, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\GTUV8LYZ\BSG053[1].exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37fe9585-95a4-4ce4-9479-843dbd0cb957} - C:\WINDOWS\system32\ssqNDuSi.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8029E19-0DC6-4573-8C8A-1E390B34AF85}: NameServer = 10.10.1.202 192.168.20.5
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0
Utilisateur anonyme
22 nov. 2008 à 22:23
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt


A+
0
Réponse 4 / 12
MIKE123
22 nov. 2008 à 23:27
MERCI VOICI LE RAPPORT COMBOFIX

ComboFix 08-11-22.02 - acer 2008-11-22 23:16:05.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.675 [GMT 1:00]
Lancé depuis: c:\documents and settings\acer\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bcddkdtb.ini
c:\windows\system32\iSuDNqss.ini
c:\windows\system32\iSuDNqss.ini2
c:\windows\system32\sn.txt
c:\windows\system32\xwoljies.ini
c:\windows\system32\xxjgjieo.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hcnwg4u


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 11:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-01-21 2889216]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2004-08-27 430080]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 c:\windows\ALCWZRD.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys [2008-08-15 75856]
R2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-15 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2006-11-17 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2006-11-17 78208]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [1980-01-01 193878]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [1980-01-01 7100]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{37fe9585-95a4-4ce4-9479-843dbd0cb957} - c:\windows\system32\ssqNDuSi.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-eRecoveryService - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 23:19:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpkcsp.dll
c:\windows\system32\gpkrsrc.dll

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\windows\SYSTEM32\SCARDSVR.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\acer\EMANAGER\ANBMSERV.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
.
**************************************************************************
.
Heure de fin: 2008-11-22 23:20:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-22 22:20:26

Avant-CF: 76 418 449 408 octets libres
Après-CF: 76,416,155,648 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

145 --- E O F --- 2008-08-17 17:27:02

Merci @+
0
Utilisateur anonyme
23 nov. 2008 à 00:07
la suite demain...suis crevé et plusieurs choses a voir...
a demain
0
MIKE123 > Utilisateur anonyme
23 nov. 2008 à 19:11
archet9
Je m'excuse merci pour ta précieuse aide
@+
0
Utilisateur anonyme > MIKE123
23 nov. 2008 à 19:30
de rien...
repasse MBAM en mode sans echec stp:

Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
MIKE123
23 nov. 2008 à 20:02
OK j'ai démarré mon ordinateur en mode sans échec quoi faire maintenant stl?
0
Utilisateur anonyme
23 nov. 2008 à 20:23
le rapport stp...
0
Réponse 6 / 12
MIKE123
23 nov. 2008 à 20:58
Il n'y a pas de rapport où peut il se trouver?
0
Utilisateur anonyme
23 nov. 2008 à 21:17
- Une fois redémarré en mode normal double-cliques sur malwarebytes
- Rends toi dans l'onglet rapport/log
- Tu cliques dessus pour l'afficher une fois affiché
- Tu cliques sur édition en haut du boc notes, et puis sur sélectionner tous
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu cliques droit dans le cadre de la réponse et coller
0
Réponse 7 / 12
MIKE123
23 nov. 2008 à 21:30
OK j'ai compris voici le rapport

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2

25/08/2008 21:48:41
mbam-log-2008-08-25 (21-48-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 82751
Temps écoulé: 10 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 35

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqggvm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WintelUpdate (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ssqQgGVM.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.
C:\mxuxc.exe (Trojan.Agent) -> Delete on reboot.
C:\d1.exe (Trojan.TinyDownloader705) -> Delete on reboot.
C:\WINDOWS\mrofinu1535.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifefCtS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvWonOF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ddcCSjKA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yayvTjIB.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8NYB814X\1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009115.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP64\A0009139.old (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP75\A0010868.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\homepage.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo1.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo2.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo3.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo4.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo5.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo6.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif1.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif2.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif3.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> Delete on reboot.
C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Merci @+
0
Utilisateur anonyme
23 nov. 2008 à 21:43
gros malentendu.....
tu m as reposté le 1er rapport que tuas fait...

va en mode sans echec 'comme expliqué + haut et relance mbam...et colle le rapport stp..
a+
0
Réponse 8 / 12
MIKE123
24 nov. 2008 à 20:19
Bonsoir,

ok j'ai compris voici le rapport mbma mode sans échec


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2

25/08/2008 21:48:41
mbam-log-2008-08-25 (21-48-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 82751
Temps écoulé: 10 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 35

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqggvm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c83f6149-4782-4dab-a478-96f195a376a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WintelUpdate (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ssqQgGVM.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Adware.Agent) -> Delete on reboot.
C:\mxuxc.exe (Trojan.Agent) -> Delete on reboot.
C:\d1.exe (Trojan.TinyDownloader705) -> Delete on reboot.
C:\WINDOWS\mrofinu1535.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifefCtS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvWonOF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ddcCSjKA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yayvTjIB.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8NYB814X\1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP63\A0009115.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP64\A0009139.old (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP75\A0010868.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\homepage.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo1.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo2.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo3.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo4.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo5.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promo6.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif1.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif2.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\promogif3.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> Delete on reboot.
C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Merci @+
0
Utilisateur anonyme
24 nov. 2008 à 20:35
decidemment.....
ton log date du 25/08
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2

25/08/2008 21:48:41

TU REFAIS1 SCAN mbam en mode sans echec...
a+
0
Réponse 9 / 12
MIKE123
24 nov. 2008 à 21:29
ok je viens de refaire le mbma et voici le rapport

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2

24/11/2008 21:25:28
mbam-log-2008-11-24 (21-25-28).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 79657
Temps écoulé: 7 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Merci @+
0
Utilisateur anonyme
24 nov. 2008 à 21:48
ok relance toolbar option 1
et colle le rapport stp
a+
0
Réponse 10 / 12
MIKE123
24 nov. 2008 à 21:58
SALUT
résultat rapport toolbar


-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : acer ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1169 [VPS 081122-0] 4.8.1169 (Not Activated)
C:\ (Local Disk) - FAT32 - Total:93 Go (Free:72 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 24/11/2008|21:56 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(acer) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"search page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 25/08/2008|19:14 - Option : [2]
2 - "C:\ToolBar SD\TB_2.txt" - 25/08/2008|20:44 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 24/11/2008|21:56 - Option : [1]

-----------\\ Fin du rapport a 21:56:58,00

Merci @+
0
Réponse 11 / 12
MIKE123
25 nov. 2008 à 18:44
Bonsoir,

Merci Archet9 de m'aider à analyser le dernier rapport toolbar

@+
0
Utilisateur anonyme
25 nov. 2008 à 20:28
donne moi des nouvelles du pc stp....

a+
0
Réponse 12 / 12
MIKE123
27 nov. 2008 à 19:52
Salut,

mon pc est actuellement plus rapide est-il complètement nettoyé?

Merci @+
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
Probleme bogue
Ines -
Pimmer -

1 réponse