Virus : Virtumonde

Nicow -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Je suis infesté de virus. Il y en a notamment 1 qui me donne plus de mal il s'agit de virtumonde. J'ai testé plusieurs antivirus antispyware et utilitaires dédiés à ce virus mais rien : il ne part pas.
J'ai testé la procédure que vous proposez dans votre rubrique astuce : Supprimer le trojan Vundo/Virtumonde
Publié par green day, dernière mise à jour le dimanche 30 novembre 2008 à 20:16:56 par Destrio5. Je ne me suis pa lancé dans l'utilisation de Combofix car je vais pas savoir me dépatouiller en cas de problème.
Donc j'ai utilisé Malwarebytes' Anti-Malware (MBAM).

Ensuite j'ai aussi suivi la procédure Ccleaner + Anti spyware + Bit defender + HiJAckthis que vous conseillez sur votre rubrique astuce : [Virus] Méthode préliminaire de désinfection
Publié par Kristopher, dernière mise à jour le mardi 18 novembre 2008 à 18:06:14 par gobiel.

Voici les logs:

SPYBOT
(dsl mais il m'a enregistrer le log en xps que je ne sais pas ouvrir, mais j'ai récupéré les deux erreurs que j'ai corrigé apres ce scan) :
Virtumonde.prx
Réglages Autorun (funkavimiso)
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\Current\Version\run\funkavisimo

Virtumonde
Réglage utilisateur
HKEY_USERS\S-1-5-20-448539723-20255429265-839522115-10003\Software\Microsoft\fias4013

BITDEFENDER

BitDefender Online Scanner

Scan report generated at: Sat, Dec 13, 2008 - 20:21:16

Scan path: C:\;D:\;E:\;O:\;

Statistics

Time

00:57:42

Files

310980

Folders

7668

Boot Sectors

0

Archives

2163

Packed Files

34159

Results

Identified Viruses

1

Infected Files

1

Suspect Files

0

Warnings

0

Disinfected

0

Deleted Files

1

Engines Info

Virus Definitions

2349318

Engine build

AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins

17

Archive plugins

45

Unpack plugins

7

E-mail plugins

6

System plugins

4

Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

*;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes

Scanned File

Status

C:\System Volume Information\_restore{78EDCBA2-D056-4BD9-B9A9-D4DFA230FA30}\RP1\A0000072.exe

Infected with: Trojan.FakeAlert.AQE

C:\System Volume Information\_restore{78EDCBA2-D056-4BD9-B9A9-D4DFA230FA30}\RP1\A0000072.exe

Deleted

LOG DE HIJACKTHIS ---------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:59, on 13/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
d:\programmes\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
D:\Programmes\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
D:\Programmes\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9DE35362-8808-444E-BA2A-0F0721D0A639} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {e3c0e565-1638-4672-9b1d-f7102c4b187c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Programmes\eMule\emule.exe -AutoStart
O4 - Global Startup: Device Detector 3.lnk.disabled
O4 - Global Startup: ICON 225 USB Connect.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl107fd.blu107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cwnvpp.dll c:\windows\system32\lolajeyo.dll c:\windows\system32\poveyawi.dll
O20 - Winlogon Notify: geBqOfdB - geBqOfdB.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\programmes\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Programmes\CDBurnerXP\NMSAccessU.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7716 bytes

___________________________________________________________________________________________

Voila. Vous savez tout sur les quelques octets que me rendent fous en ce moment.
J'espère que vous pourrez faire quelque chose avec ça.

Salut,
Nico

Configuration: Windows XP
Firefox 3.0.4
AMD Athlon XP2 dual core 1,9GO
Win XP SP2

11 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ___________________

    puis remets un rapports hijakhcits
    0
  2. Nicow
     
    et la console de récuperation tout ça ... pas la peine selon toi JLPJLP ?
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu peux la mettre

    sinon pas grave
    0
  4. Nicow
     
    Salut JPL JPL t toujours là ? Bon voici mon log.

    ComboFix 08-12-12.05 - Vicky 2008-12-13 21:32:46.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1918.1488 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Vicky\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\sojohehu.exe

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://77.74.48.105
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-13 19:18 . 2008-12-13 20:23 <REP> d-------- c:\windows\BDOSCAN8
    2008-12-12 16:18 . 2008-12-12 16:18 <REP> d-------- c:\documents and settings\Vicky\Application Data\Malwarebytes
    2008-12-12 16:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-12 16:17 . 2008-12-12 16:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-12 16:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-12 14:06 . 2007-07-16 17:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-12 14:06 . 2007-07-16 17:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-12 14:06 . 2007-07-16 16:32 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-12 14:06 . 2007-07-16 17:27 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-12 14:06 . 2007-07-16 17:27 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-12 14:06 . 2007-07-16 17:27 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-12 14:06 . 2007-07-16 17:27 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-12 14:06 . 2008-12-12 14:06 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-12 13:30 . 2008-12-12 13:30 <REP> d-------- c:\program files\Sunbelt Software
    2008-12-12 13:30 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
    2008-12-12 13:30 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
    2008-12-11 22:57 . 2008-12-12 14:32 210 --a------ c:\windows\wininit.ini
    2008-12-11 19:04 . 2008-12-11 19:04 <REP> d-------- c:\program files\Lavasoft
    2008-12-11 19:04 . 2008-12-11 19:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-09 20:12 . 2006-01-28 10:00 241,664 --------- c:\windows\system32\ZSetupInstaller.dll
    2008-11-22 12:03 . 2008-11-22 12:03 664 --a------ c:\windows\system32\d3d9caps.dat
    2008-11-21 21:47 . 2008-12-13 13:51 <REP> d-------- c:\documents and settings\Vicky\dwhelper
    2008-11-16 18:21 . 2008-11-16 18:21 <REP> d-------- c:\program files\Orange
    2008-11-15 14:47 . 2008-11-15 15:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Birdstep Technology
    2008-11-15 14:46 . 2008-11-15 14:46 <REP> d-------- c:\program files\Huawei Modems
    2008-11-15 14:46 . 2007-08-08 11:12 101,120 --a------ c:\windows\system32\drivers\ewusbmdm.sys
    2008-11-15 14:46 . 2008-11-15 14:46 69,361 --a------ c:\windows\Huawei ModemsUninstall.exe
    2008-11-15 14:46 . 2007-08-08 11:13 24,448 --a------ c:\windows\system32\drivers\ewdcsc.sys
    2008-11-14 19:07 . 2008-11-14 19:07 <REP> d-------- c:\program files\Seagate
    2008-11-14 18:58 . 2008-12-11 21:03 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-09 20:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-26 09:40 --------- d-----w c:\documents and settings\Vicky\Application Data\Skype
    2008-11-15 13:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-05 19:06 --------- d-----w c:\documents and settings\Vicky\Application Data\SharePod
    2008-11-05 18:58 --------- d-----w c:\program files\iPod
    2008-11-05 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 18:57 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-11-05 18:57 --------- d-----w c:\program files\Bonjour
    2008-11-05 00:09 --------- d-----w c:\program files\Apple Software Update
    2008-10-25 11:59 --------- d-----w c:\program files\Executive Software
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="d:\programmes\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 68856]
    "eMuleAutoStart"="d:\programmes\eMule\emule.exe" [2007-05-13 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Device Detector 3.lnk.disabled [2008-03-29 1656]
    ICON 225 USB Connect.lnk.disabled [2008-11-16 957]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=c:\windows\system32\ctfmon.exe
    "DAEMON Tools"="d:\programmes\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    "eMuleAutoStart"=d:\programmes\eMule\emule.exe -AutoStart
    "IPEVO Control Center"=d:\programmes\ipevo\IPEVO Control Center.exe -startup
    "SpybotSD TeaTimer"=d:\programmes\Spybot - Search & Destroy\TeaTimer.exe
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
    "iTunesHelper"="d:\programmes\iTunes\iTunesHelper.exe"
    "QuickTime Task"="d:\programmes\QTTask.exe" -atboottime
    "SigmatelSysTrayApp"=stsystra.exe
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "d:\\Programmes\\Picasa2\\Picasa2.exe"=
    "d:\\Mes documents\\DSSPlayer\\TpstWnd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Programmes\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\services.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
    "c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
    "d:\\Programmes\\a-squared Free\\a2service.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4123:TCP"= 4123:TCP:eMule_TCP
    "43592:UDP"= 43592:UDP:eMule_UDP
    "80:TCP"= 80:TCP:Picassa
    "80:UDP"= 80:UDP:Picassa

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-09 111184]
    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-12-12 270888]
    R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-09 20560]
    R2 GtDetectSc;GtDetectSc;"c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe" [2007-12-18 196704]
    R2 SbPF.Launcher;SbPF.Launcher;"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" [2008-10-31 95528]
    R2 SPF4;Sunbelt Personal Firewall 4;"c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe" [2008-10-31 1365288]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-12-12 65576]
    R3 SNXUAAAF;Sonix USB Audio Lower Filter Driver;c:\windows\system32\DRIVERS\SNXUAAAF.sys [2008-08-17 14269]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
    S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-07-02 337800]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04663e4e-fc56-11dc-91da-00197eaf455f}]
    \Shell\Auto\command - F:\UFO.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1a856-b31b-11dd-93c7-fd2dd3828dfe}]
    \Shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c1a858-b31b-11dd-93c7-fd2dd3828dfe}]
    \Shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20985950-1d74-11dd-9230-00197eaf455f}]
    \Shell\Auto\command - F:\UFO.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2150b3f2-ff73-11dc-91e1-00197eaf455f}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2815de00-f17d-11dc-91be-00197eaf455f}]
    \Shell\Auto\command - F:\UFO.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b06f26b-1217-11dd-9214-00197eaf455f}]
    \Shell\Auto\command - G:\UFO.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afbb43ba-a286-11dc-90e9-0019b97614d0}]
    \Shell\Auto\command - G:\UFO.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1b5863b-a503-11dc-90f3-0019b97614d0}]
    \Shell\Auto\command - F:\auto.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5a0681a-4fcf-11dc-b50b-0019b97614d0}]
    \Shell\Auto\command - G:\UFO.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e604742e-b402-11dd-93d0-00197eaf455f}]
    \Shell\AutoRun\command - F:\setup.exe AUTORUN=1
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{9DE35362-8808-444E-BA2A-0F0721D0A639} - (no file)
    BHO-{e3c0e565-1638-4672-9b1d-f7102c4b187c} - (no file)
    Notify-geBqOfdB - geBqOfdB.dll
    MSConfigStartUp-fukavimiso - c:\windows\system32\vetariwo.dll

    .
    ------- Examen supplémentaire -------
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Vicky\Application Data\Mozilla\Firefox\Profiles\8y1no2jt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: d:\programmes\Firefox\plugins\npdivx32.dll
    FF - plugin: d:\programmes\Firefox\plugins\npnul32.dll
    FF - plugin: d:\programmes\Firefox\plugins\NPOFFICE.DLL
    FF - plugin: d:\programmes\Firefox\plugins\nppdf32.dll
    FF - plugin: d:\programmes\Firefox\plugins\nppl3260.dll
    FF - plugin: d:\programmes\Firefox\plugins\npqtplugin.dll
    FF - plugin: d:\programmes\Firefox\plugins\npqtplugin2.dll
    FF - plugin: d:\programmes\Firefox\plugins\npqtplugin3.dll
    FF - plugin: d:\programmes\Firefox\plugins\npqtplugin4.dll
    FF - plugin: d:\programmes\Firefox\plugins\npqtplugin5.dll
    FF - plugin: d:\programmes\Firefox\plugins\npqtplugin6.dll
    FF - plugin: d:\programmes\Firefox\plugins\npqtplugin7.dll
    FF - plugin: d:\programmes\Firefox\plugins\nprjplug.dll
    FF - plugin: d:\programmes\Firefox\plugins\nprpjplug.dll
    FF - plugin: d:\programmes\Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: d:\programmes\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: d:\programmes\Plugins\npqtplugin.dll
    FF - plugin: d:\programmes\Plugins\npqtplugin2.dll
    FF - plugin: d:\programmes\Plugins\npqtplugin3.dll
    FF - plugin: d:\programmes\Plugins\npqtplugin4.dll
    FF - plugin: d:\programmes\Plugins\npqtplugin5.dll
    FF - plugin: d:\programmes\Plugins\npqtplugin6.dll
    FF - plugin: d:\programmes\Plugins\npqtplugin7.dll
    FF - plugin: d:\programmes\Real player\Netscape6\nppl3260.dll
    FF - plugin: d:\programmes\Real player\Netscape6\nprjplug.dll
    FF - plugin: d:\programmes\Real player\Netscape6\nprpjplug.dll
    FF - plugin: d:\programmes\VLC\npvlc.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 21:41:07
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(2572)
    c:\program files\Windows Media Player\wmpband.dll
    d:\programmes\iTunes\iTunesMiniPlayer.dll
    d:\programmes\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
    d:\programmes\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    d:\programmes\a-squared Free\a2service.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Olympus\DeviceDetector\DM1Service.exe
    d:\programmes\CDBurnerXP\NMSAccessU.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-13 21:44:34 - La machine a redémarré [Vicky]
    ComboFix-quarantined-files.txt 2008-12-13 20:44:27

    Avant-CF: 725 409 792 octets libres
    Après-CF: 664,420,352 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /usepmtimer

    268 --- E O F --- 2007-09-28 17:19:12
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Telecharge UsbFix sur ton bureau
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Lance l installation avec les parametres par default

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci UsbFix sur ton bureau

    --> Le pc va redémarer

    -->Apres redémarrage post le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
    Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
    0
  7. Nicow
     
    impossible de poster mon log !!!

    peux tu m'envoyer ton adresse mail sur nicowpons@hotmail.com et je te transmet le log.

    je ne comprends pas g essayé hier aujourd'hui... rien?
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  9. Nicow
     
    slt

    LOG.TXT

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Vicky at 2008-12-14 20:09:19
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 616 MB (6%) free of 10 GB
    Total RAM: 1918 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:26, on 14/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Programmes\eMule\emule.exe
    C:\WINDOWS\system32\spoolsv.exe
    d:\programmes\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
    D:\Programmes\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Vicky\Bureau\RSIT.exe
    D:\Programmes\HijackThis\Vicky.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] D:\Programmes\eMule\emule.exe -AutoStart
    O4 - Global Startup: Device Detector 3.lnk.disabled
    O4 - Global Startup: ICON 225 USB Connect.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
    O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
    O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl107fd.blu107.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\programmes\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMSAccessU - Unknown owner - D:\Programmes\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
    (dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
    https://www.malekal.com/tutoriel-ccleaner/
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    ________________

    mettre a jour internet explorer
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
    ________________

    mettre a jour java:

    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    si cela ne fonctionne pas

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    tu peux désinstaller les vieilles versions.

    _______________________

    si tout es ok

    désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)
    puis redemarre ton ordi
    puis réactive la

    encore des soucis?
    0
  11. Nicow
     
    Pffffffffffffff,

    Ca y est je suis clean d'apres deux antispyware et 1 anti virus.

    MErci BEAUCOUP jpljpl, tu m'a bien aidé. d'ailleurs maintenant que je n'ai plus besoins de toi je peux te le dire : c'est pas un nom ca jpljpl, lol.

    C'est super ce que vous faites vous tous les assistants antivirus anonymes du web.

    Salut

    JavaRa 1.12 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Dec 16 20:33:43 2008

    Found and removed: C:\Program Files\Java\jre1.5.0_06

    Found and removed: Software\JavaSoft\Java2D\1.5.0_06

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

    ------------------------------------

    Finished reporting.
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    bonne suite!
    0