|
|
Auteur
|
Message
|
1
|
|
|
|
je ne sais pas comment...Mais je me suis fait prendre! Comment puis-je me débarrasser de malwarrior? J'ai mcafee security center mais...Il ne semble rien faire pour moi cette fois ci!
Merci
|
|
|
|
|
bonsoir,
Passe un coup de MalwareBytes et supprime tout ce qu'il trouve :
pour cela, suis ce tuto : http://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Post moi le rapport généré à la fin dans ta prochaine réponse 
|
|
|
|
|
Bonsoir!
Premièrement, je tiens a vous remercier du fond du coeur de prendre le temps de m'aider.
J'ai rebooté mon ordi après le scan. Le malwarrior n'a pas réouvert, à l'ouverture de mon ordi mais je n'ai toujours pas mon gestionnaire de tâches!!
J'ai reçu 2 rapports
Voici le rapport préliminaire:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 738
Type de recherche: Examen complet (C:\|)
Eléments examinés: 199486
Temps écoulé: 1 hour(s), 16 minute(s), 33 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
c:\Documents and Settings\Marie-Josée\Local Settings\Temp\ms1210394822.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe (Rogue.MalWarrior) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qoMDvULB.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wyveuxyq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\BurstWriting\BurstWriting.dll (Trojan.BHO) -> Unloaded module successfully.
C:\WINDOWS\system32\tuvUOGvt.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36dbad1f-3574-4ac2-88e5-edbdb90af5f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{36dbad1f-3574-4ac2-88e5-edbdb90af5f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\burstwriting.burstwriting (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\burstwriting.burstwriting.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca13d72f-2dac-4d99-b08d-c5ea1c920e89} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca13d72f-2dac-4d99-b08d-c5ea1c920e89} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvuogvt (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a4d4bbb2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InetChk (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TacOnlyOne\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdvulb -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdvulb -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Documents and Settings\Marie-Josée\Local Settings\Temp\ms1210394822.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMDvULB.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\BLUvDMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BLUvDMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyveuxyq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qyxuevyw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\BurstWriting\BurstWriting.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510082559578.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510110150687.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510133836281.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510153345296.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUOGvt.dll (Trojan.Vundo) -> Delete on reboot.
Et Voici le 2ieme rapport:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 738
Type de recherche: Examen complet (C:\|)
Eléments examinés: 199486
Temps écoulé: 1 hour(s), 16 minute(s), 33 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
c:\Documents and Settings\Marie-Josée\Local Settings\Temp\ms1210394822.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe (Rogue.MalWarrior) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qoMDvULB.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wyveuxyq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\BurstWriting\BurstWriting.dll (Trojan.BHO) -> Unloaded module successfully.
C:\WINDOWS\system32\tuvUOGvt.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36dbad1f-3574-4ac2-88e5-edbdb90af5f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{36dbad1f-3574-4ac2-88e5-edbdb90af5f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\burstwriting.burstwriting (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\burstwriting.burstwriting.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca13d72f-2dac-4d99-b08d-c5ea1c920e89} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca13d72f-2dac-4d99-b08d-c5ea1c920e89} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvuogvt (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a4d4bbb2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InetChk (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TacOnlyOne\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdvulb -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdvulb -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Documents and Settings\Marie-Josée\Local Settings\Temp\ms1210394822.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMDvULB.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\BLUvDMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BLUvDMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyveuxyq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qyxuevyw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\BurstWriting\BurstWriting.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510082559578.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510110150687.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510133836281.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080510153345296.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUOGvt.dll (Trojan.Vundo) -> Delete on reboot.
|
|
|
|
|
rebonsoir
J'ai refait un 2ieme nettoyage et voici le rapport la 2ieme fois!
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 738
Type de recherche: Examen complet (C:\|)
Eléments examinés: 200227
Temps écoulé: 1 hour(s), 14 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\qoMDvULB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BLUvDMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BLUvDMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyveuxyq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUOGvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
|
|
|
|
|
bonjour,
Télécharge ComboFix (créé par sUBs) sur ton Bureau
Démarre en mode sans échec : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
ComboFix redémarrera ton PC
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse,et nouveau rapport hijackthis
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
|
|
|
|
|
Rebonjour!
J,ai eux un peu plus de difficulté cette fois Mais, je crois que j'y suis arrivé!?
voici le rapport:
ComboFix 08-05-09.1 - Marie-Josée 2008-05-11 11:24:02.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Marie-Josée\Mes documents\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\xummbvpv.ini
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))))))))
.
2008-05-11 11:03 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-11 11:03 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-11 11:03 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-11 11:03 . 2004-08-20 11:42 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-11 11:03 . 2004-08-20 11:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-11 11:03 . 2004-08-20 11:42 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-05-11 11:03 . 2006-04-11 10:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-11 11:03 . 2008-05-11 11:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-11 11:03 . 2008-05-11 11:23 1,024 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
2008-05-10 20:19 . 2008-05-10 20:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 20:19 . 2008-05-10 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 20:19 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-10 20:19 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-10 15:05 . 2008-05-10 15:05 4,078 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 15:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-10 15:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-10 15:04 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-10 15:04 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-10 15:04 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-10 15:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-10 15:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-10 08:26 . 2008-05-10 08:26 <REP> d-------- C:\Program Files\BurstWriting
2008-05-10 00:47 . 2008-05-10 00:47 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-04 21:01 . 2008-05-04 21:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 21:01 . 2008-05-04 21:01 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 15:32 --------- d-----w C:\Program Files\Morpheus
2008-05-11 05:53 --------- d-----w C:\Program Files\Media Resizer
2008-05-10 05:26 --------- d-----w C:\Program Files\McAfee
2008-05-03 14:17 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-03 11:25 --------- d-----w C:\Program Files\Dl_cats
2008-04-30 22:38 --------- d-----w C:\Program Files\Java
2008-03-23 06:52 --------- d-----w C:\Program Files\Windows Live
2008-03-21 15:55 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-21 15:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-21 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-07 20:18 360448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 12:16 73728]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.exe" [2005-07-15 00:51 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 11:40 430080]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 09:50 73728]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 03:49 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-07 02:41 185896]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Jeu\\rct\\RCT\\RCT.exe"=
"C:\\Jeu\\Age Of Empires II\\age2_x1.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-11 15:32:38 C:\WINDOWS\Tasks\ActiveShield.job"
- C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
"2008-05-10 00:00:00 C:\WINDOWS\Tasks\Analyse McAfee.com - Mon ordinateur (1) (KADOU-Marie-Josée).job"
Y a t'il autres choses que je peux faire?
Merci
|
|
|
|
|
Télécharge HijackThis
Guide d'utilisation : http://mickael.barroux.free.fr/securite/hijackthis.php
Clique alors sur "Do a system scan and save a logfile"
Le scan se fait très rapidement, puis un bloc-note apparaît
(le "logfile")
Dans ce bloc-note, va dans "Edition", puis "Selectionner Tout",
le texte est alors séléctionné, retourne dans "Edition" toujours
en laissant le texte séléctionné, et clique sur copier.
Colle le contenu ici dans ta prochaine réponse !
|
|
|
|
|
rebonjour!
beaucoup plus simple cette fois! ouf! Dois-je fix checked?
merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\MARIE-~1\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\MARIE-~1\LOCALS~1\TEMPOR~1\Content.IE5\BAL66D7V\QLOPGZ~1.SH! C:\DOCUME~1\MARIE-~1\LOCALS~1\HISTOR~1\History.SH!
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?e706334e9482414c8312c7ae4629f151
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?e706334e9482414c8312c7ae4629f151
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 11591 bytes
|
|
|
|
|
Fais un scan BitDefender en ligne (avec Internet Explorer pas avec Firefox !)
(clique à gauche sur scan online).
et post moi le rapport de ce scan ici une fois terminé !
Guide d'utilisation de Bitdefender en ligne (merci Bruce Lee) : http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm
bonne soirée 
|
|
|
|
|
Bonsoir!
Je crois que j'ai manqué le rapport? En tout cas, je le trouve pas dans le bureau (je ne sais pas le nom du fichier peut-etre?)
Alors, je vais recommencer( avec bitdefender)
merci
|
|
|
|
|
Bonsoir!
Je crois que je n'y arrive pas?
Voici ce que j'ai (du 2ieme scan)
BitDefender Online Scanner - Real Time Virus Report
Generated at: Sun, May 11, 2008 - 23:08:28
--------------------------------------------------------------------------------
Scan Info
Scanned Files
506340
Infected Files
2
Virus Detected
Adware.Webdir.B
1
Adware.SpySheriff.BS
1
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
Merci
|
|
|
|
|
|
bonjour, tu n'as plus de souci ?
|
|
|
|
|
Bonjour!
Je crois que je n'ai plus de souci mais comment en être certaine?
|
|
|
|
|
bonjour,
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée !!!
Copie le texte qui se trouve dans l'encadré ci-dessous, et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\kr_done1de\
Clique sur MoveIt! pour lancer la suppression.
Si OTMoveIt propose de redémarrer ton PC, accepte.
Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.
Dans ta future réponse, envoie le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.
|
|
|
|
|
Bonjour!
OTMoveIt dit:
Cannot create file C:\_OTMoveit\movedFiles\05132008_081514.log.
Je ne trouve pas le rapport
|
|
|
|
|
ok donc c'est bon ton pc est propre
Suppression des outils :
Télécharge ToolsCleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/toolscleaner-34055291-avis-opinion(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Tutorial ici : http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-t375.htm
Supprime tous les rapports qui sont apparus lors des divers scans
Edite ton premier post avec  et mets [resolu] devant le titre de ton sujet.
Voici quelques liens pour des conseils en sécurité :
Mon site Web sur la sécurité informatique !
Comment protéger son PC pour éviter d'être infecté ?
Prends le temps de les lire car elles sont très enréchissantes.
Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors rapporte ton infection :
- Voir les règles de Malware-Complaints
- Enregistre sur le forum à partir du bouton register en haut :
Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age
Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10
au plaisir et bonne journée 
|
|
|
1
|
|
|
|
