abengine : Accès internet impossible

[profwalken]

Bonjour,

Sur un Pc W7/64bits Familial, le disque était rempli de virus, je l'ai scanné à partir d'un pc sain avec AVG 2015 et éliminé un grand nombre de virus.
J'ai remis le disque sur son pc, une fois sur le bureau W7 , on a bien le réseau via DHCP, en CMD le ping répond sur le LAN et sur WAN. la résolution de nom fonctionne.

J'ai effectué un SFC / scannow --> pas de pb d'intégrité des fichiers détecté

L’accès internet via les 2 navigateurs installés ne fonctionne pas, le logiciel s'ouvre mais rien ne s'affiche.

j'ai aussi des messages systématiques au démarrage:
Une fenetre CMD s'ouvre à chaque démarrage avec taskeng (rien ne s'affiche dans cette fenetre)

Quand je souhaite lancer un EXE, par exemple adwcleaner.
msg du type : adwcleaner_4.11.exe -image incorrecte c:\windows\system32\abengine.dll n'est pas conçu pour s'executer sous windows ou il contient une erreur.......
Je crois que je suis infecté par l'adware abengine

Je ne vois pas comment sortir de cette situation sans formater et reinstaller, est ce la meilleure option?

Merci pour vos conseils,
Cordialement,
Profwalken

[angelique]

• Télécharge, transfere sur ton Bureau pas ailleurs FRST.EXE:
  
  
  
  La page de téléchargement : http://www.bleepingcomputer.com/downloa ... scan-tool/
  Le téléchargement se fait à partir des boutons bleus Download – choisissez la version 32 ou 64 bits selon l’architecture de votre système.
  (Au pire si vous êtes en 64 bits et que vous prenez la version 32 bits, vous aurez un message disant que cette version ne peux fonctionner – cela n’endommage pas le système).
  
  !! Placez le programme sur le bureau et pas ailleurs!!
• Execute FRST.EXE, accepte le disclaimer , Cochez tous les options et cliquez sur le bouton Scan.
  Le scan se lance, les éléments scannés apparaissent en haut.
• Une fois le scan terminé, une popup vous le signale et deux rapports sont générés : FRST.txt et Addition.txt ( Ces deux rapports se trouvent sur le bureau avec le programme FRST. )
  
  
  Utilise le site http://pjjoint.malekal.com/ pour envoyer ton rapport, et poste le lien dans ta prochaine réponse pour analyse.

[profwalken]

Les rapports:
http://pjjoint.malekal.com/files.php?id ... 10w8h5c7o7
http://pjjoint.malekal.com/files.php?id ... 15c5r8j9x6

[angelique]

• Ouvre le bloc-notes : Menu Démarrer / Tous les programmes / Accessoires et Bloc-Notes. (ou executer---> notepad)
  Copie/colle dedans ce qui suit :
  
  

  HKLM-x32\...\Run: [mbot_fr_81] => [X]
  IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
  IFEO\internetenhancer.exe: [Debugger] TaskList.exe
  IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
  IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
  IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
  IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
  IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
  BHO-x32: Krab Web 1.0.0.7 -> {feadf62f-aec2-46a1-a087-40149f311df9} -> C:\Program Files (x86)\Krab Web\KrabWebBHO.dll No File
  Toolbar: HKU\S-1-5-21-1061949835-1076567848-1644617993-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
  Winsock: Catalog9 01 C:\Windows\system32\abengine.dll File Not found ()
  Winsock: Catalog9 02 C:\Windows\system32\abengine.dll File Not found ()
  Winsock: Catalog9 03 C:\Windows\system32\abengine.dll File Not found ()
  Winsock: Catalog9 04 C:\Windows\system32\abengine.dll File Not found ()
  Winsock: Catalog9 15 C:\Windows\system32\abengine.dll File Not found ()
  Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll File Not found ()
  Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll File Not found ()
  Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll File Not found ()
  Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll File Not found ()
  Winsock: Catalog9-x64 05 C:\Windows\system32\MyOSProtect64.dll File Not found ()
  Winsock: Catalog9-x64 06 C:\Windows\system32\MyOSProtect64.dll File Not found ()
  Winsock: Catalog9-x64 07 C:\Windows\system32\MyOSProtect64.dll File Not found ()
  Winsock: Catalog9-x64 08 C:\Windows\system32\MyOSProtect64.dll File Not found ()
  Winsock: Catalog9-x64 19 C:\Windows\system32\MyOSProtect64.dll File Not found ()
  Winsock: Catalog9-x64 20 C:\Windows\system32\abengine64.dll File Not found ()
  CHR Extension: (elioihkkcdgakfbahdoddophfngopipi) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-09-16]
  CHR Extension: (jhodopgnkbcmfgggehanaepcofglnboh) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh [2014-10-23]
  CHR Extension: (ojkcdipcgfaekbeaelaapakgnjflfglf) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2014-09-16]
  S2 MaintainerSvc1.05.7044970; C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe [123632 2015-02-12] () [File not signed]
  S2 TpMfvNBXVtj; "C:\ProgramData\cYXIZoMMJw\TpMfvNBXVtj.exe" [X]
  S2 Util Krab Web; "C:\Program Files (x86)\Krab Web\bin\utilKrabWeb.exe" [X]
  S1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
  2015-02-09 07:42 - 2015-02-25 14:52 - 00000000 ____D () C:\Program Files (x86)\Smwyyntm1ndi1zdz
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
  Task: {3CADB76B-3F6C-4ED9-A62E-7527B428A7C5} - System32\Tasks\RunTool => C:\Users\Eric\AppData\Local\34af2826-3827-4d22-9d4e-87045376687f\sysad.exe [2015-02-12] ()
  Task: {50494F26-BA86-4E8B-8DF0-A9A0E2511F7B} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
  Task: {A66FFDAF-644E-4E58-8069-6BEE38DBD19B} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flowsurf\upfs7235.exe <==== ATTENTION
  Task: {BD4669FF-E977-4BE1-83CB-E343963C970C} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
  2015-02-25 14:59 - 2014-11-19 10:19 - 00000000 ____D () C:\Program Files (x86)\0ca45c95134d
  2015-02-25 14:59 - 2014-11-19 10:18 - 00000000 ____D () C:\Program Files\WWE
  2015-02-25 14:53 - 2014-02-07 10:59 - 00000000 ____D () C:\Users\Eric\Desktop\RK_Quarantine
  C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e
  C:\ProgramData\cYXIZoMMJw
  C:\Users\Eric\AppData\Local\34af2826-3827-4d22-9d4e-87045376687f
  C:\PROGRA~2\Flowsurf
  C:\Program Files (x86)\Krab Web
  EmptyTemp:
  

• Menu Fichier / Enregistrer-sous
  Place toi sur le bureau.
  Dans le champs en bas, nom du fichier mets : fixlist.txt
  Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.
• Ferme toutes les applications, y compris ton navigateur
• Double-clique sur FRST.exe
  /!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  Sur le menu principal, clique une seule fois sur Fix et patiente le temps de la correction
  
  
  Un redémarrage peut être nécessaire (pas obligatoire).
• L'outil va créer un rapport de correction Fixlog.txt. Poste ce rapport dans ta réponse.
• Ouvre une invite de commande en tant qu'administrateur, recherche cmd < clic droit executer en tant qu'administrateur
  
  Dans la fenetre , tape et valide par enter:
  
  netsh winsock reset
• Redémarre Ѡindows

[profwalken]

Voici le fichier fixlog:

Code : Tout sélectionner

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Eric at 2015-02-26 11:04:21 Run:1
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available profiles: Eric)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [mbot_fr_81] => [X]
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
BHO-x32: Krab Web 1.0.0.7 -> {feadf62f-aec2-46a1-a087-40149f311df9} -> C:\Program Files (x86)\Krab Web\KrabWebBHO.dll No File
Toolbar: HKU\S-1-5-21-1061949835-1076567848-1644617993-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Winsock: Catalog9 01 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 05 C:\Windows\system32\MyOSProtect64.dll File Not found ()
Winsock: Catalog9-x64 06 C:\Windows\system32\MyOSProtect64.dll File Not found ()
Winsock: Catalog9-x64 07 C:\Windows\system32\MyOSProtect64.dll File Not found ()
Winsock: Catalog9-x64 08 C:\Windows\system32\MyOSProtect64.dll File Not found ()
Winsock: Catalog9-x64 19 C:\Windows\system32\MyOSProtect64.dll File Not found ()
Winsock: Catalog9-x64 20 C:\Windows\system32\abengine64.dll File Not found ()
CHR Extension: (elioihkkcdgakfbahdoddophfngopipi) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-09-16]
CHR Extension: (jhodopgnkbcmfgggehanaepcofglnboh) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh [2014-10-23]
CHR Extension: (ojkcdipcgfaekbeaelaapakgnjflfglf) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2014-09-16]
S2 MaintainerSvc1.05.7044970; C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe [123632 2015-02-12] () [File not signed]
S2 TpMfvNBXVtj; "C:\ProgramData\cYXIZoMMJw\TpMfvNBXVtj.exe" [X]
S2 Util Krab Web; "C:\Program Files (x86)\Krab Web\bin\utilKrabWeb.exe" [X]
S1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
2015-02-09 07:42 - 2015-02-25 14:52 - 00000000 ____D () C:\Program Files (x86)\Smwyyntm1ndi1zdz
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
Task: {3CADB76B-3F6C-4ED9-A62E-7527B428A7C5} - System32\Tasks\RunTool => C:\Users\Eric\AppData\Local\34af2826-3827-4d22-9d4e-87045376687f\sysad.exe [2015-02-12] ()
Task: {50494F26-BA86-4E8B-8DF0-A9A0E2511F7B} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {A66FFDAF-644E-4E58-8069-6BEE38DBD19B} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flowsurf\upfs7235.exe <==== ATTENTION
Task: {BD4669FF-E977-4BE1-83CB-E343963C970C} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e
C:\ProgramData\cYXIZoMMJw
C:\Users\Eric\AppData\Local\34af2826-3827-4d22-9d4e-87045376687f
C:\PROGRA~2\Flowsurf
C:\Program Files (x86)\Krab Web
EmptyTemp:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_81 => value deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{feadf62f-aec2-46a1-a087-40149f311df9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{feadf62f-aec2-46a1-a087-40149f311df9}" => Key deleted successfully.
HKU\S-1-5-21-1061949835-1076567848-1644617993-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000005 => Deleted successfully.
Winsock: Catalog entry 000000000006 => Deleted successfully.
Winsock: Catalog entry 000000000007 => Deleted successfully.
Winsock: Catalog entry 000000000008 => Deleted successfully.
Winsock: Catalog entry 000000000019 => Deleted successfully.
Winsock: Catalog entry 000000000020 => Deleted successfully.
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi => Moved successfully.
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh => Moved successfully.
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf => Moved successfully.
MaintainerSvc1.05.7044970 => Service deleted successfully.
TpMfvNBXVtj => Service deleted successfully.
Util Krab Web => Service deleted successfully.
mwiynzm4ndy1yjz => Service deleted successfully.
C:\Program Files (x86)\Smwyyntm1ndi1zdz => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\abengine" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CADB76B-3F6C-4ED9-A62E-7527B428A7C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CADB76B-3F6C-4ED9-A62E-7527B428A7C5}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunTool => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunTool" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{50494F26-BA86-4E8B-8DF0-A9A0E2511F7B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50494F26-BA86-4E8B-8DF0-A9A0E2511F7B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A66FFDAF-644E-4E58-8069-6BEE38DBD19B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A66FFDAF-644E-4E58-8069-6BEE38DBD19B}" => Key deleted successfully.
C:\Windows\System32\Tasks\upfs7235 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD4669FF-E977-4BE1-83CB-E343963C970C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD4669FF-E977-4BE1-83CB-E343963C970C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => Key deleted successfully.
C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e => Moved successfully.
C:\ProgramData\cYXIZoMMJw => Moved successfully.
C:\Users\Eric\AppData\Local\34af2826-3827-4d22-9d4e-87045376687f => Moved successfully.
"C:\PROGRA~2\Flowsurf" => File/Directory not found.
"C:\Program Files (x86)\Krab Web" => File/Directory not found.
EmptyTemp: => Removed 80 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:04:25 ====

Suite à cela j'ai passé un coup de mbam, il a trouvé encore 120 saletés à virer, puis j'ai passé ccleaner qui a aussi nettoyé la Base de registre.
La Machine à retrouvé l'accès à internet mais elle n'est pas très réactive.

[angelique]

Donc ton probleme de départ est résolu ""Accès internet impossible""


➫ supprime frst.exe, ses rapports et C:\FRST


➫ vide la quarantaine de mbam



➫ Quelques conseils :

Pour prévenir les sites malicieux, tu peux installer Blockulicious : http://forum.malekal.com/blockulicious- ... 46656.html


Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/

[profwalken]

Ok un grand merci pour cette assistance très efficace.