Infected computer, need help

worm1982 (member):
Hello, my computer is infected all over... I can't even open Internet Explorer anymore, and I get lots of antivirus pop-ups telling me my computer is infected... Could someone help me sort it all out? Thanks!

29 replies

crapoulou (moderator, security contributor):
 
Several infections.

Download LopS&D (by eric_71)
= = = = >>> By clicking here <<< = = = =

Save the file to your desktop.
Right-click the downloaded file (LopSD.exe) and select 'Run as administrator'.
Once the program has started, press F for French.
Answer OK to the warning message that appears.
Then run option 1, Search.
A report will be generated.
Post it here in full.
Note:
The report is located at: C:\LopR.txt
Short tutorial if needed HERE.
crapoulou (moderator, security contributor):
 
Hi,

Disable UAC (User Account Control) for the duration of the cleanup.
Start > Control Panel > User Accounts > Turn User Account Control off.
(Reverse the procedure to turn it back on once the cleanup is finished.)
(This lets the cleanup tools work properly.)

********

- Download HijackThis version 2.02:
= = = = >>> By clicking here <<< = = = =

- Save HJTInstall.exe to your desktop.
- Right-click HJTInstall.exe and select 'Run as administrator' to start the installation.
- Click Install, then 'I Accept'.
- Click 'Do a system scan and save a logfile'.
- Notepad will open; copy and paste its entire contents here in your next reply.
worm1982 (member):
 
Here is the HijackThis log, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:31, on 2009-04-18
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Video Flash Object - {1A1BFF7E-BF20-4A85-958B-11CF46C829EC} - C:\Windows\system32\aaclient6464.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\system32\vumer.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DE5F80FD-8A16-4E53-A670-25EDD1152274} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [307206300] "C:\ProgramData\1683494127\307206300.exe"
O4 - HKLM\..\Run: [Total Cleaner] C:\Program Files\Total Cleaner\totalcleaner.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.superantispyware.com/
O20 - Winlogon Notify: feeccfacaef - C:\Windows\system32\feeccfacaef.dll
O21 - SSODL: ieModule - {DAEAD5B5-AB53-4D91-8743-74B9FD9D2AFF} - (no file)
O21 - SSODL: InternetConnection - {C725A651-4A36-4B37-913A-AD6A0130CB1D} - (no file)
O23 - Service: Antispyware Scanning Engine (AntispywareSrv) - Unknown owner - C:\Program Files\Antispyware\Antispyware.srv.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
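The log above is what the helper has to read by eye: the malicious entries are the BHOs whose DLLs sit directly in system32 (aaclient6464.dll, vumer.dll), the Winlogon Notify package feeccfacaef.dll, the Run entry made of nothing but digits under C:\ProgramData, and a service with no vendor string. The following script is an added example, not part of the thread and not HijackThis's own logic: it applies those heuristics to sample lines copied from the log above (plus two known-good Java and Symantec lines so there is something to leave alone). The rule names and the "suspicious"/"review" labels are this example's own; they are triage cues, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted above,
# plus two known-good entries (Java's ssv.dll, Symantec's LiveUpdate service)
# so the heuristics have legitimate entries to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Video Flash Object - {1A1BFF7E-BF20-4A85-958B-11CF46C829EC} - C:\Windows\system32\aaclient6464.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\system32\vumer.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [307206300] "C:\ProgramData\1683494127\307206300.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: feeccfacaef - C:\Windows\system32\feeccfacaef.dll
O23 - Service: Antispyware Scanning Engine (AntispywareSrv) - Unknown owner - C:\Program Files\Antispyware\Antispyware.srv.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""


@dataclass(frozen=True)
class Finding:
    rule: str       # which heuristic fired (names are this example's own)
    severity: str   # "suspicious" (act on it) or "review" (verify by hand)
    line: str       # the offending log line, verbatim


# A browser extension or Winlogon Notify DLL sitting directly in system32,
# rather than in a vendor folder under Program Files, is the pattern every
# malicious O2/O20 entry in the log above follows.
SYSTEM32_FILE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
ALL_DIGITS = re.compile(r"^\d+$")
RUN_ENTRY = re.compile(r'\[([^\]]*)\]\s*"?([^"]+)')


def split_entry(line: str):
    """Return (section tag, ' - '-separated fields) for one HJT line."""
    tag, _, rest = line.partition(" - ")
    return tag.strip(), [f.strip() for f in rest.split(" - ")]


def triage_line(line: str):
    """Apply the heuristics to one line; return a Finding or None."""
    tag, fields = split_entry(line)
    last = fields[-1] if fields else ""
    if tag in ("O2", "O3", "O20"):
        if last == "(no file)":
            # Registration left behind after its DLL was removed: harmless,
            # but worth deleting so later logs stay readable.
            return Finding("orphan-entry", "review", line)
        if SYSTEM32_FILE.match(last):
            return Finding("extension-dll-in-system32", "suspicious", line)
    if tag == "O4":
        m = RUN_ENTRY.search(last)
        if m:
            name, command = m.group(1), m.group(2).strip()
            # Folder and file names made only of digits
            # (C:\ProgramData\1683494127\307206300.exe) are typical of
            # generated droppers, never of installed software.
            components = re.split(r"[\\/]", command)
            stems = [c.rsplit(".", 1)[0] for c in components] + [name]
            if any(ALL_DIGITS.match(s) for s in stems):
                return Finding("numeric-only-run-entry", "suspicious", line)
    if tag == "O23" and len(fields) >= 2 and fields[-2].lower() == "unknown owner":
        # No vendor string: legitimate for a few services, so only flag for review.
        return Finding("service-without-vendor", "review", line)
    return None


def triage(log_text: str):
    """Run every heuristic over an HJT log and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = triage_line(line)
        if hit:
            findings.append(hit)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {"suspicious": 4, "review": 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.rule:28} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script flags six lines (four suspicious, two for review) and leaves the Java BHO, the Symantec Run entry and the Symantec service alone. The system32 rule is deliberately crude: it would also fire on a legitimate Microsoft Winlogon Notify DLL on Windows XP, which is why the output is a reading aid for the helper rather than a fix list.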
worm1982 (member):
 
Here is the LopR report, thanks for the help.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : BIOS Date: 10/01/07 17:10:01 Ver: 5.16
USER : Denis ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 15.0.0.60 (Activated)
Firewall : Norton Internet Security 15.0.0.60 (Activated)
C:\ (Local Disk) - NTFS - Total:325 Go (Free:252 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:9 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( 2009-04-18|13:18 )

[ UAC => 0 ]

--------------------\\ Listing of folders in Local

[2008-02-01|21:34] C:\Users\Denis\AppData\Local\Adobe
[2008-01-14|20:22] C:\Users\Denis\AppData\Local\Application Data
[2009-01-15|21:22] C:\Users\Denis\AppData\Local\d3d9caps.dat
[2009-03-25|08:21] C:\Users\Denis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-11|09:11] C:\Users\Denis\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-02-29|09:28] C:\Users\Denis\AppData\Local\Google
[2008-09-23|20:51] C:\Users\Denis\AppData\Local\Hewlett-Packard
[2008-01-14|20:22] C:\Users\Denis\AppData\Local\Historique
[2009-04-15|19:31] C:\Users\Denis\AppData\Local\IconCache.db
[2008-04-27|15:52] C:\Users\Denis\AppData\Local\Microsoft
[2008-01-29|21:59] C:\Users\Denis\AppData\Local\Microsoft Games
[2008-04-11|08:59] C:\Users\Denis\AppData\Local\Microsoft Help
[2008-02-08|16:52] C:\Users\Denis\AppData\Local\Mozilla
[2009-04-18|13:17] C:\Users\Denis\AppData\Local\Temp
[2008-01-14|20:22] C:\Users\Denis\AppData\Local\Temporary Internet Files
[2008-02-24|17:02] C:\Users\Denis\AppData\Local\VirtualStore

--------------------\\ Scheduled tasks in C:\Windows\tasks

[2009-04-04 01:58][--a------] C:\Windows\tasks\HPCeeScheduleForDenis.job
[2009-04-17 13:21][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FF862320-5144-40CE-AC69-DFDF066AB50A}.job
[2008-01-14 21:48][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[2009-03-30 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complète du système - Propriétaire.job
[2009-04-16 20:45][--ah-----] C:\Windows\tasks\SA.DAT
[2009-04-15 19:37][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing of folders in C:\ProgramData

[2009-01-17|17:08] C:\ProgramData\1683494127
[2007-11-23|15:40] C:\ProgramData\Adobe
[2008-10-13|23:06] C:\ProgramData\ahujarat
[2006-11-02|09:02] C:\ProgramData\Application Data
[2009-01-02|11:41] C:\ProgramData\Boole & Partners
[2008-01-13|14:10] C:\ProgramData\Bureau
[2008-01-27|21:34] C:\ProgramData\CyberLink
[2006-11-02|09:02] C:\ProgramData\Desktop
[2006-11-02|09:02] C:\ProgramData\Documents
[2008-01-13|14:10] C:\ProgramData\Favoris
[2006-11-02|09:02] C:\ProgramData\Favorites
[2008-03-28|10:56] C:\ProgramData\fitsxabu
[2008-02-29|09:28] C:\ProgramData\Google
[2008-04-09|20:34] C:\ProgramData\Hewlett-Packard
[2008-04-09|21:23] C:\ProgramData\HP
[2008-04-09|20:41] C:\ProgramData\HP Product Assistant
[2008-04-09|20:44] C:\ProgramData\HPSSUPPLY
[2009-03-16|18:02] C:\ProgramData\hpzinstall.log
[2008-09-19|00:39] C:\ProgramData\kxwxqrgn
[2008-01-13|14:10] C:\ProgramData\Menu Démarrer
[2009-01-17|17:05] C:\ProgramData\Microsoft
[2009-02-21|23:03] C:\ProgramData\Microsoft Help
[2008-01-13|14:10] C:\ProgramData\Modèles
[2007-11-23|15:39] C:\ProgramData\muvee Technologies
[2008-03-28|10:56] C:\ProgramData\ovsryalx
[2007-11-23|15:49] C:\ProgramData\PC-Doctor
[2009-03-23|14:34] C:\ProgramData\Spybot - Search & Destroy
[2006-11-02|09:02] C:\ProgramData\Start Menu
[2009-01-30|16:45] C:\ProgramData\Symantec
[2009-03-23|14:37] C:\ProgramData\TEMP
[2006-11-02|09:02] C:\ProgramData\Templates
[2008-04-09|21:24] C:\ProgramData\WEBREG
[2009-01-17|17:05] C:\ProgramData\winlogon.exe
[2008-01-14|21:43] C:\ProgramData\WLInstaller

--------------------\\ Listing of folders in C:\Program Files

[2007-11-23|15:40] C:\Program Files\Adobe
[2008-08-19|20:51] C:\Program Files\Air Canada TravelDesk
[2009-01-17|18:14] C:\Program Files\Antispyware
[2009-01-15|23:58] C:\Program Files\Antivirus 2009
[2007-11-23|15:51] C:\Program Files\AWS
[2009-01-02|11:41] C:\Program Files\Boole & Partners
[2009-03-23|17:46] C:\Program Files\CCleaner
[2008-04-11|09:02] C:\Program Files\Common Files
[2007-11-23|15:03] C:\Program Files\CONEXANT
[2007-11-23|15:37] C:\Program Files\CyberLink
[2008-02-18|20:52] C:\Program Files\DivX
[2008-01-13|14:10] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[2009-02-27|00:18] C:\Program Files\FreeHDplay
[2007-11-23|15:50] C:\Program Files\Hewlett-Packard
[2008-04-09|20:44] C:\Program Files\HP
[2008-04-02|18:20] C:\Program Files\ImpotExpert 2007
[2009-03-27|19:33] C:\Program Files\ImpotExpert 2008
[2008-02-24|14:40] C:\Program Files\InstallShield Installation Information
[2008-09-22|03:20] C:\Program Files\Internet Explorer
[2007-11-23|15:41] C:\Program Files\Java
[2006-11-02|08:37] C:\Program Files\Microsoft Games
[2008-04-11|09:05] C:\Program Files\Microsoft Office
[2008-04-11|09:02] C:\Program Files\Microsoft Works
[2008-04-11|09:02] C:\Program Files\Microsoft.NET
[2007-11-23|23:21] C:\Program Files\Movie Maker
[2009-04-18|12:53] C:\Program Files\Mozilla Firefox
[2006-11-02|08:37] C:\Program Files\MSBuild
[2006-11-02|08:37] C:\Program Files\MSN
[2008-02-25|04:01] C:\Program Files\MSXML 4.0
[2007-11-23|15:39] C:\Program Files\muvee Technologies
[2008-01-14|13:03] C:\Program Files\Norton Internet Security
[2007-11-23|16:02] C:\Program Files\PC-Doctor 5 for Windows
[2007-11-23|15:23] C:\Program Files\Realtek
[2006-11-02|08:37] C:\Program Files\Reference Assemblies
[2007-11-23|15:51] C:\Program Files\Services en ligne
[2009-03-23|14:39] C:\Program Files\Spybot - Search & Destroy
[2009-01-17|17:37] C:\Program Files\Symantec
[2009-03-30|20:58] C:\Program Files\Total Cleaner
[2009-03-16|16:21] C:\Program Files\Trend Micro
[2006-11-02|09:01] C:\Program Files\Uninstall Information
[2007-11-23|23:47] C:\Program Files\Windows Calendar
[2007-11-23|23:21] C:\Program Files\Windows Collaboration
[2007-11-23|23:29] C:\Program Files\Windows Defender
[2007-11-23|23:21] C:\Program Files\Windows Journal
[2008-01-14|21:47] C:\Program Files\Windows Live
[2008-01-14|21:48] C:\Program Files\Windows Live Favorites
[2008-01-14|21:48] C:\Program Files\Windows Live Toolbar
[2008-09-22|03:06] C:\Program Files\Windows Mail
[2007-11-23|23:56] C:\Program Files\Windows Media Player
[2008-01-13|14:10] C:\Program Files\Windows NT
[2007-11-23|23:21] C:\Program Files\Windows Photo Gallery
[2008-01-14|13:06] C:\Program Files\Windows Sidebar
[2009-03-23|17:47] C:\Program Files\Yahoo!

--------------------\\ Listing of folders in C:\Program Files\Common Files

[2007-11-23|15:40] C:\Program Files\Common Files\Adobe
[2008-02-24|14:40] C:\Program Files\Common Files\AnswerWorks 4.0
[2008-04-11|09:02] C:\Program Files\Common Files\DESIGNER
[2008-04-09|20:40] C:\Program Files\Common Files\Hewlett-Packard
[2007-11-23|15:30] C:\Program Files\Common Files\HP
[2007-11-23|16:00] C:\Program Files\Common Files\InstallShield
[2008-02-24|14:33] C:\Program Files\Common Files\Intuit
[2007-11-23|15:41] C:\Program Files\Common Files\Java
[2007-11-23|15:38] C:\Program Files\Common Files\LightScribe
[2007-11-23|15:37] C:\Program Files\Common Files\LS Getting Started
[2009-02-21|23:03] C:\Program Files\Common Files\microsoft shared
[2007-11-23|15:39] C:\Program Files\Common Files\muvee Technologies
[2006-11-02|07:18] C:\Program Files\Common Files\Services
[2006-11-02|07:18] C:\Program Files\Common Files\SpeechEngines
[2009-03-23|20:09] C:\Program Files\Common Files\Symantec Shared
[2008-04-11|09:06] C:\Program Files\Common Files\System
[2008-01-14|21:46] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 66 Processes )

... OK !

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Search for Lop files / folders

No Lop file / folder found!

--------------------\\ Registry check

..... OK !

--------------------\\ Hosts file check

Hosts file CLEAN

--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 13:18:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Search for other infections

--------------------\\ ROGUES ..

C:\PROGRA~1\Antivirus 2009
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware Guard 2008

[F:185][D:5]-> C:\Users\Denis\AppData\Local\Temp
[F:7][D:0]-> C:\Users\Denis\AppData\Roaming\MICROS~1\Windows\Cookies
[F:96][D:14]-> C:\Users\Denis\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:75][D:6]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 2009-04-18|13:18 - Option : [1]

--------------------\\ End of report at 13:18:31
[ UAC => 1 ]

crapoulou (moderator, security contributor):
 
OK, nothing on that side; uninstall Lop S&D.

Scan with SmitfraudFix:

- Download SmitfraudFix (by S!Ri, balltrap34 and moe31)
= = = = >>> By clicking here <<< = = = =
or HERE

- Save it to the desktop.
- Right-click SmitfraudFix.exe and select "Run as administrator".
- Choose option 1, then Enter.
- A report will be generated; post it in your next reply.
Note:
Process.exe is detected by some antivirus products as a risktool. It is not a virus but a utility designed to terminate processes.

/!\ Only do step 2 if you are asked to; the first SmitfraudFix report has to be examined first. /!\
worm1982 (member):
 
I don't know how to uninstall the Lop S&D program; I didn't see it in Control Panel / Programs and Features.

Here is the Smitfraud report, thanks.

SmitFraudFix v2.410

Scan done at 13:29:23,67, 2009-04-18
Run from C:\Users\Denis\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !
C:\resycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Denis

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Denis\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Denis\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Denis\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

C:\Windows\system32\drivers\opdxpqvjndko.sys detected !
use a Rootkit scanner

C:\Windows\system32\opdxrrjmoobs.dll detected !
use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189

HKLM\SYSTEM\CCS\Services\Tcpip\..\{23665C9F-4764-44D2-8172-4D55B4054882}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
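The report above finds an autorun.inf at the root of the fixed drive next to a C:\resycled\ folder. That combination is itself the diagnosis: autorun.inf belongs on optical or removable media, and on a hard-disk root it exists so that double-clicking the drive re-launches the infection. The page does not show what that file contained, so the script below, an added example and not part of the thread, works on a constructed autorun.inf written in the style of the autorun worms of that period (the target name resycled\boot.com is an assumption) and on a constructed benign installer-CD autorun.inf for contrast. It parses the [autorun] section, collects every command the shell would run, and lists the reasons the file deserves attention. The `fixed_drive` flag stands in for a GetDriveType call so the example runs anywhere.

```python
import re

# Constructed sample: written to resemble the autorun worms of 2008-2009.
# The page only shows that C:\autorun.inf and C:\resycled\ existed; the
# contents below, including the file name boot.com, are an assumption.
SAMPLE_AUTORUN_INF = """\
[autorun]
open=resycled\\boot.com
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open=Open
shell\\open\\command=resycled\\boot.com
shell\\explore\\command=resycled\\boot.com
action=Open folder to view files
"""

# Constructed benign sample, as an installer CD would carry it.
SAMPLE_CD_INF = """\
[autorun]
open=setup.exe
icon=setup.exe,0
label=Product Installer
"""

LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
# Executable types an installer CD does not normally launch through autorun.
RISKY_EXTENSIONS = {"com", "pif", "scr", "bat", "cmd", "vbs", "js"}


def parse_autorun(text: str) -> dict:
    """Parse the [autorun] section into a {lowercased key: value} dict."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict) -> set:
    """Every command the shell may run: open, shellexecute, shell\\<verb>\\command."""
    return {v for k, v in entries.items() if k in LAUNCH_KEYS or SHELL_COMMAND.match(k)}


def assess(text: str, fixed_drive: bool) -> list:
    """Return human-readable reasons this autorun.inf deserves attention."""
    entries = parse_autorun(text)
    reasons = []
    if fixed_drive and entries:
        reasons.append("autorun.inf present on a fixed drive")
    for target in sorted(launch_targets(entries)):
        exe = target.split()[0].strip('"')
        ext = exe.rsplit(".", 1)[-1].lower() if "." in exe else ""
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"launch target {exe} is a script/legacy executable, not an installer")
    if "shell\\explore\\command" in entries:
        # With the Explore verb redirected, even right-click > Explore runs the target.
        reasons.append("Explorer's 'Explore' verb is redirected to the launch target")
    if "folder" in entries.get("action", "").lower():
        # The AutoPlay dialog shows action= verbatim, so this text impersonates
        # Windows' own "Open folder to view files" choice.
        reasons.append("action= text impersonates the Windows 'Open folder to view files' option")
    return reasons


if __name__ == "__main__":
    print("C:\\autorun.inf (constructed):")
    for reason in assess(SAMPLE_AUTORUN_INF, fixed_drive=True):
        print("  -", reason)
    print("installer CD (constructed):", assess(SAMPLE_CD_INF, fixed_drive=False) or "nothing to report")
```

SmitfraudFix deletes the file and the folder in the cleanup pass shown later in the thread; the point of reading the file first is that the launch target tells you which binary (and which other drives' roots, since such worms copy the pair to every volume) still needs to be checked.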
crapoulou (moderator, security contributor):
 
You just have to delete the Lop file and the report located at the root of the drive (C:\lopR.txt).

Cleaning with SmitfraudFix:

Restart in safe mode: to do so, restart the computer and, before the Windows logo appears, tap the F8 key.
A menu will appear; choose Safe Mode with the arrow keys on your keyboard and then press Enter.

- Launch SmitfraudFix by double-clicking SmitfraudFix.cmd (do not click any other file).
- Choose option 2 and press Enter.
- Answer o (for Oui, yes) to the next two questions if they are asked.
- A report will be generated; save it in a folder.

Restart in normal mode:
- Start menu
- Shut down
- Restart the computer

Post the full report you saved.
worm1982 (member):
 
I restarted in safe mode and only had to answer yes to one question: do you want to delete the files... Here is the report.

SmitFraudFix v2.410

Scan done at 13:58:36,60, 2009-04-18
Run from C:\Users\Denis\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\autorun.inf Deleted
C:\resycled\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» RK.2


C:\Windows\system32\drivers\opdxpqvjndko.sys detected !
use a Rootkit scanner

C:\Windows\system32\opdxrrjmoobs.dll detected !
use a Rootkit scanner


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
crapoulou (moderator, security contributor):
 
Please post a new HijackThis log.
If you find "Antispyware" in the list of programs, uninstall it.
(C:\Program Files\Antispyware)
worm1982 (member):
 
I uninstalled Antispyware.

Here is the HijackThis log, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:39, on 2009-04-18
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Total Cleaner\totalcleaner.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Video Flash Object - {1A1BFF7E-BF20-4A85-958B-11CF46C829EC} - C:\Windows\system32\aaclient6464.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\system32\vumer.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DE5F80FD-8A16-4E53-A670-25EDD1152274} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [307206300] "C:\ProgramData\1683494127\307206300.exe"
O4 - HKLM\..\Run: [Total Cleaner] C:\Program Files\Total Cleaner\totalcleaner.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.superantispyware.com/
O20 - Winlogon Notify: feeccfacaef - C:\Windows\system32\feeccfacaef.dll
O21 - SSODL: ieModule - {DAEAD5B5-AB53-4D91-8743-74B9FD9D2AFF} - (no file)
O21 - SSODL: InternetConnection - {C725A651-4A36-4B37-913A-AD6A0130CB1D} - (no file)
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
crapoulou Posts: 42848 Registration date Status: Moderator, Security contributor Last intervention 8 017
 
Did you install TotalCleaner yourself?
If so, what do you use it for?

Show hidden and system files by following this procedure:
http://www.vista-xp.fr/forum/topic16.html

********Then********

Analyse these files:
C:\Windows\system32\aaclient6464.dll
C:\Windows\system32\vumer.dll
C:\ProgramData\1683494127\307206300.exe
C:\Windows\system32\feeccfacaef.dll

On the VirusTotal site:
https://www.virustotal.com/gui/

Browse > Select your file > Analyse, and wait until the analysis has finished.

Post the reports, telling me for each report the name of the file concerned!

(If VirusTotal says the file has already been analysed, click the 'Reanalyse the file now' button.)

You may not be able to find the last two files to analyse.
0
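The helper above picked four files out of the HijackThis log by eye; the script below, an added example that is not code from the thread or from HijackThis, reproduces that triage over the O2/O4/O20/O21 lines quoted from the log and scores them (unrecognised binaries in system32, autoruns from numeric ProgramData directories, Winlogon load points, random-looking names). The KNOWN_GOOD allowlist, the ROGUE_WORDS list, the weights and the threshold are my own assumptions, and the four names it surfaces are the ones requested above.

```python
"""HijackThis (HJT) log triage: which entries are worth a VirusTotal upload?

Added example, not code from the thread or from HijackThis. The heuristics,
weights, KNOWN_GOOD allowlist and ROGUE_WORDS are my own assumptions; real
triage would compare file hashes against a known-good set, not names."""
import re

# Constructed sample: a subset of the O2/O4/O20/O21 lines from the log above.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Video Flash Object - {1A1BFF7E-BF20-4A85-958B-11CF46C829EC} - C:\Windows\system32\aaclient6464.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\system32\vumer.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [307206300] "C:\ProgramData\1683494127\307206300.exe"
O4 - HKLM\..\Run: [Total Cleaner] C:\Program Files\Total Cleaner\totalcleaner.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: feeccfacaef - C:\Windows\system32\feeccfacaef.dll
O21 - SSODL: ieModule - {DAEAD5B5-AB53-4D91-8743-74B9FD9D2AFF} - (no file)
"""

# Assumed allowlist of names the thread treated as benign (Intel graphics
# tray, Java updater, Windows Update client); rogue-product marketing words.
KNOWN_GOOD = {"igfxtray.exe", "hkcmd.exe", "igfxpers.exe", "jureg.exe", "wuauclt.exe"}
ROGUE_WORDS = ("cleaner", "security", "antivirus", "antispyware")
ENTRY_RE = re.compile(r"^(?P<sect>[A-Z]\d+) - (?P<body>.*)$")


def extract_target(sect, body):
    """Return the path an entry loads, '(no file)' for orphans, or None."""
    if sect == "O4":
        m = re.search(r"\] (.*)$", body)          # text after [DisplayName]
        target = m.group(1) if m else ""
    else:
        target = body.rsplit(" - ", 1)[-1]        # last ' - ' separated field
    target = target.strip()
    if target == "(no file)":
        return target
    if target.startswith('"'):                    # quoted path, arguments follow
        return target[1:].split('"', 1)[0]
    target = re.sub(r"\s+/\S.*$", "", target)     # drop trailing /switches
    return target if re.match(r"^[A-Za-z]:\\", target) else None


def looks_random(stem):
    """Crude name heuristic: all digits, hex-only letters, or almost no vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if stem.isdigit() or (len(letters) >= 8 and all(c in "abcdef" for c in letters)):
        return True                               # e.g. 307206300, feeccfacaef
    return len(letters) >= 8 and sum(c in "aeiouy" for c in letters) / len(letters) < 0.15


def score_entry(sect, body, target):
    """Return (score, reasons) for one parsed entry; the weights are assumptions."""
    if target == "(no file)":
        return 0, ["orphaned entry: nothing to upload, just remove the key"]
    score, reasons = 0, []
    low = target.lower()
    name = low.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    if "\\windows\\system32\\" in low and name not in KNOWN_GOOD:
        score += 2
        reasons.append("unrecognised binary in system32")
    if re.search(r"\\programdata\\\d+\\|\\appdata\\|\\temp\\", low):
        score += 2
        reasons.append("autorun from a data/temp directory")
    if sect in ("O20", "O21"):
        score += 1
        reasons.append("Winlogon/Explorer load point, runs at every logon")
    if looks_random(stem) or re.search(r"\d{3,}$", stem):
        score += 1
        reasons.append("random-looking or numeric file name")
    disp = re.search(r"\[(.*?)\]", body) or re.search(r"^BHO: (.*?) - \{", body)
    if disp and any(w in disp.group(1).lower() for w in ROGUE_WORDS):
        score += 1
        reasons.append("name typical of rogue cleaner/security tools: ask if it was installed on purpose")
    return score, reasons


def triage(log_text):
    """Parse an HJT log and return its entries sorted by descending suspicion."""
    rows = []
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sect, body = m.group("sect"), m.group("body")
        target = extract_target(sect, body)
        if target is None:                        # e.g. rundll32 or %VAR% paths
            continue
        score, reasons = score_entry(sect, body, target)
        rows.append({"section": sect, "target": target, "score": score, "reasons": reasons})
    return sorted(rows, key=lambda r: -r["score"])


def upload_candidates(log_text, threshold=2):
    """File names worth hashing and submitting: score at or above the threshold."""
    return sorted({r["target"].rsplit("\\", 1)[-1]
                   for r in triage(log_text) if r["score"] >= threshold})


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row["score"], row["section"], row["target"], "; ".join(row["reasons"]))
```

The Total Cleaner entry scores below the upload threshold but carries the "ask if it was installed on purpose" reason, which is the question the helper put to the poster.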
worm1982 Posts: 78 Status: Member
 
It's not my computer, so for Total Cleaner I don't know... should I uninstall it?

1)Fichier aaclient6464.dll reçu le 2009.04.18 20:31:25 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 6/40 (15%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.18 -
AhnLab-V3 5.0.0.2 2009.04.18 -
AntiVir 7.9.0.143 2009.04.17 -
Antiy-AVL 2.0.3.1 2009.04.17 -
Authentium 5.1.2.4 2009.04.18 -
Avast 4.8.1335.0 2009.04.18 Win32:Exchanger-M
AVG 8.5.0.287 2009.04.18 -
BitDefender 7.2 2009.04.18 -
CAT-QuickHeal 10.00 2009.04.18 -
ClamAV 0.94.1 2009.04.18 -
Comodo 1120 2009.04.18 -
DrWeb 4.44.0.09170 2009.04.18 Trojan.DownLoad.35144
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.17 -
F-Secure 8.0.14470.0 2009.04.18 Trojan-Downloader.Win32.Exchanger.aum
Fortinet 3.117.0.0 2009.04.18 -
GData 19 2009.04.18 Win32:Exchanger-M
Ikarus T3.1.1.49.0 2009.04.18 -
K7AntiVirus 7.10.707 2009.04.17 -
Kaspersky 7.0.0.125 2009.04.18 Trojan-Downloader.Win32.Exchanger.aum
McAfee 5588 2009.04.18 -
McAfee+Artemis 5588 2009.04.18 -
McAfee-GW-Edition 6.7.6 2009.04.18 -
Microsoft 1.4502 2009.04.18 -
NOD32 4018 2009.04.18 -
Norman 6.00.06 2009.04.17 -
nProtect 2009.1.8.0 2009.04.18 -
Panda 10.0.0.14 2009.04.18 -
PCTools 4.4.2.0 2009.04.17 -
Prevx1 V2 2009.04.18 High Risk Fraudulent Security Program
Rising 21.25.52.00 2009.04.18 -
Sophos 4.40.0 2009.04.18 -
Sunbelt 3.2.1858.2 2009.04.18 -
Symantec 1.4.4.12 2009.04.18 -
TheHacker 6.3.4.0.309 2009.04.16 -
TrendMicro 8.700.0.1004 2009.04.17 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.18.1685 2009.04.18 -
VirusBuster 4.6.5.0 2009.04.18 -
Information additionnelle
File size: 77312 bytes
MD5...: 6ac1322cecd44c0a883b7bec037c85bf
SHA1..: 2516240f3ff7634bdd52ad013e7de9f57f7dbaff
SHA256: 1ce984830a5add41ce5b932ad2089948f8a88205339b94ca9ee29f11cc38d88d
SHA512: d5a1e519e484eeebd436583ef9ff7b7431e6527acfed96a411ae5b814f980291
1ad0770de133c3541bff2f10c6d0a6bbe9b5100d80ab46192209e426c3906603
ssdeep: 1536:T/w1jsQAngWb2y/z7c9Vopp1TRsuDgb2:jw1ogWTc9aX1TRx/
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1980
timedatestamp.....: 0x40c42b24 (Mon Jun 07 08:45:24 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9b5 0xa00 6.23 f312541b6ed8e03104d7dc3e09fd6fb3
.rdata 0x2000 0x276 0x400 3.14 351244aa1a2039f9f5d3321216d8f4aa
.data 0x3000 0xc8 0x200 1.27 5a90321004ea9f3572c5898a0005f370
.rsrc 0x4000 0x10a90 0x10c00 7.38 9dafc4ec0f576a51b453bc07087023bc
.reloc 0x15000 0x1d000 0x200 2.01 0d8d3d5809a94d097ba698c4dd95b957

( 5 imports )
> COMCTL32.dll: InitCommonControlsEx
> KERNEL32.dll: VirtualFree, VirtualAlloc, GetProcAddress, LoadLibraryA, VirtualProtect
> USER32.dll: RegisterWindowMessageA, MessageBoxW, DialogBoxParamA, LoadMenuA, LoadIconA, GetSystemMetrics
> GDI32.dll: CreateFontW
> ADVAPI32.dll: QueryServiceConfigA, CreateServiceW, StartServiceW

( 0 exports )
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E9C1806C00F5FA4D2E5F011A599A15004360166E

2)Fichier vumer.dll reçu le 2009.04.18 20:36:47 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 30/40 (75%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.18 AdWare.Win32.BHO!IK
AhnLab-V3 5.0.0.2 2009.04.18 Win-Trojan/Bho.199698
AntiVir 7.9.0.143 2009.04.17 ADSPY/Bho.199696
Antiy-AVL 2.0.3.1 2009.04.17 -
Authentium 5.1.2.4 2009.04.18 W32/Trojan2.GJPU
Avast 4.8.1335.0 2009.04.18 Win32:Adware-gen
AVG 8.5.0.287 2009.04.18 Generic12.BHBP
BitDefender 7.2 2009.04.18 Trojan.Generic.1401280
CAT-QuickHeal 10.00 2009.04.18 Trojan.Agent.irc
ClamAV 0.94.1 2009.04.18 -
Comodo 1120 2009.04.18 Unclassified Malware
DrWeb 4.44.0.09170 2009.04.18 Adware.Bho.420
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.17 W32/Trojan2.GJPU
F-Secure 8.0.14470.0 2009.04.18 Trojan.Win32.BHO.qxv
Fortinet 3.117.0.0 2009.04.18 -
GData 19 2009.04.18 Trojan.Generic.1401280
Ikarus T3.1.1.49.0 2009.04.18 AdWare.Win32.BHO
K7AntiVirus 7.10.707 2009.04.17 Trojan.Win32.BHO
Kaspersky 7.0.0.125 2009.04.18 Trojan.Win32.BHO.qxv
McAfee 5588 2009.04.18 Generic AdClicker.g
McAfee+Artemis 5588 2009.04.18 Generic AdClicker.g
McAfee-GW-Edition 6.7.6 2009.04.18 Ad-Spyware.Bho.199696
Microsoft 1.4502 2009.04.18 Trojan:Win32/BHO.AL
NOD32 4018 2009.04.18 -
Norman 6.00.06 2009.04.17 W32/BHO.JCY
nProtect 2009.1.8.0 2009.04.18 Trojan/W32.BHO.199698
Panda 10.0.0.14 2009.04.18 Generic Trojan
PCTools 4.4.2.0 2009.04.17 Trojan.BHO.KQW
Prevx1 V2 2009.04.18 Medium Risk Malware
Rising 21.25.52.00 2009.04.18 -
Sophos 4.40.0 2009.04.18 Troj/MukBho-Gen
Sunbelt 3.2.1858.2 2009.04.18 -
Symantec 1.4.4.12 2009.04.18 Adware.Gen
TheHacker 6.3.4.0.309 2009.04.16 Trojan/BHO.kqw
TrendMicro 8.700.0.1004 2009.04.17 -
VBA32 3.12.10.2 2009.04.12 Trojan.Win32.BHO.kqw
ViRobot 2009.4.18.1685 2009.04.18 -
VirusBuster 4.6.5.0 2009.04.18 Trojan.BHO.SIA
Information additionnelle
File size: 199698 bytes
MD5...: ab8b5842dbfb162ac54a15f1ab08e3d9
SHA1..: 51de266d71dc651613da9da2e1ff9f9e08ffa2a0
SHA256: b49ef2c9b1e059d4b97acc5f4cc42472b4f70eec2f5e1abca6df3d644de99d6d
SHA512: c7bad3a925e381ab8e6b63d35ba146b57b7208e8a68d562094d87e55a9a10b80
bab8b66753c7a3bd3ac3813108ea6eaa2b04bb9812bbee46d8e976bc4eab0358
ssdeep: 6144:iX2JilPREU1NR0WQ20IvsIZlXnKVYpaxhbP:6lpEKNR220IvsIvyxhr
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1f6cd
timedatestamp.....: 0x496b92ee (Mon Jan 12 18:58:54 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x22cde 0x22e00 5.98 d158e302bc11f5b1913bfd4dbc6ce1af
.rdata 0x24000 0x9732 0x9800 5.97 23652d54174dd147bda597f59d69c8df
.data 0x2e000 0x884 0x800 3.70 88b834018c3bb41d59e272d38d32fa9d
.rsrc 0x2f000 0xe30 0x1000 4.06 bccb7b4f8bc6699a31a9b33ba4e0a8e9
.reloc 0x30000 0x29ec 0x2a00 5.85 2626b5a9389061fb6a120a94c02ca063

( 9 imports )
> KERNEL32.dll: GetCurrentProcess, FlushInstructionCache, lstrlenW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, InitializeCriticalSection, DisableThreadLibraryCalls, WaitForMultipleObjects, lstrlenA, MultiByteToWideChar, WaitForSingleObject, CreateThread, Sleep, SetEvent, CloseHandle, CreateEventW, ResetEvent, GetFileSize, ReadFile, CreateFileW, FormatMessageW, LocalAlloc, LocalFree, FreeLibrary, LoadLibraryW, GetProcAddress, lstrcpyA, lstrcmpW, GetLocaleInfoW, GetLastError, GetVersionExW, WideCharToMultiByte, lstrcpyW, GetModuleFileNameW, GetComputerNameW, lstrcpynW
> ole32.dll: CoCreateInstance, CoInitialize, CoUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: StrStrW, StrToIntW, StrChrW
> ATL.DLL: -, -, -, -, -, -, -, -, -, -, -
> MSVCP60.dll: _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __1_Lockit@std@@QAE@XZ, __0_Lockit@std@@QAE@XZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD0@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ
> MSVCRT.dll: __0exception@@QAE@ABV0@@Z, _except_handler3, strtol, printf, memset, __1exception@@UAE@XZ, _purecall, memcpy, _CxxThrowException, strlen, time, __CxxFrameHandler, __2@YAPAXI@Z, __0exception@@QAE@ABQBD@Z, strchr, free, __dllonexit, _onexit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _initterm, _adjust_fdiv, memcmp, malloc
> USER32.dll: wsprintfA, wsprintfW
> ADVAPI32.dll: RegCloseKey, RegQueryInfoKeyW, RegEnumValueW, RegDeleteKeyW, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=245D76C11275BB110CF503BC7807B30055928105
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ab8b5842dbfb162ac54a15f1ab08e3d9

3)Fichier 307206300.exe reçu le 2009.04.18 20:39:55 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 34/40 (85%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.18 Generic.Win32.Malware!IK
AhnLab-V3 5.0.0.2 2009.04.18 Win-Trojan/Agent.1843712
AntiVir 7.9.0.143 2009.04.17 SPR/Fraud.SystemS.1
Antiy-AVL 2.0.3.1 2009.04.17 Trojan/Win32.Agent
Authentium 5.1.2.4 2009.04.18 W32/TrojanX.BKQM
Avast 4.8.1335.0 2009.04.18 Win32:FakeAV-AQ
AVG 8.5.0.287 2009.04.18 Generic12.AXTZ
BitDefender 7.2 2009.04.18 Trojan.Generic.1370139
CAT-QuickHeal 10.00 2009.04.18 Trojan.Agent.bfdu
ClamAV 0.94.1 2009.04.18 -
Comodo 1120 2009.04.18 TrojWare.Win32.Agent.bizk
DrWeb 4.44.0.09170 2009.04.18 -
eSafe 7.0.17.0 2009.04.13 Win32.FakeAlert.winw
eTrust-Vet 31.6.6455 2009.04.14 Win32/FakeAV.XO
F-Prot 4.4.4.56 2009.04.17 W32/TrojanX.BKQM
F-Secure 8.0.14470.0 2009.04.18 Trojan.Win32.Agent.bizk
Fortinet 3.117.0.0 2009.04.18 W32/FakeAlert.WINWEBSECURITY!tr
GData 19 2009.04.18 Trojan.Generic.1370139
Ikarus T3.1.1.49.0 2009.04.18 Generic.Win32.Malware
K7AntiVirus 7.10.707 2009.04.17 Trojan.Win32.Agent.bfdu
Kaspersky 7.0.0.125 2009.04.18 Trojan.Win32.Agent.bizk
McAfee 5588 2009.04.18 FakeAlert-WinwebSecurity
McAfee+Artemis 5588 2009.04.18 FakeAlert-WinwebSecurity
McAfee-GW-Edition 6.7.6 2009.04.18 Riskware.Fraud.SystemS.1
Microsoft 1.4502 2009.04.18 Program:Win32/Winwebsec
NOD32 4018 2009.04.18 a variant of Win32/Adware.WinWebSecurity
Norman 6.00.06 2009.04.17 W32/Agent.KLLJ
nProtect 2009.1.8.0 2009.04.18 Trojan/W32.Agent.1843754
Panda 10.0.0.14 2009.04.18 Adware/SystemSecurity
PCTools 4.4.2.0 2009.04.17 -
Prevx1 V2 2009.04.18 Medium Risk Malware
Rising 21.25.52.00 2009.04.18 -
Sophos 4.40.0 2009.04.18 Mal/FakeAV-AA
Sunbelt 3.2.1858.2 2009.04.18 Trojan-Downloader.Win32.Agent.avzz
Symantec 1.4.4.12 2009.04.18 -
TheHacker 6.3.4.0.309 2009.04.16 Trojan/Agent.bizk
TrendMicro 8.700.0.1004 2009.04.17 -
VBA32 3.12.10.2 2009.04.12 Trojan.Win32.Agent.bfuw
ViRobot 2009.4.18.1685 2009.04.18 Trojan.Win32.Agent.1843712
VirusBuster 4.6.5.0 2009.04.18 Trojan.Simpostor.L
Information additionnelle
File size: 1843748 bytes
MD5...: 60d8c6485027ea57657b8ad7cd74cde7
SHA1..: d3e5a5ef44fe2079a641c86275216237d31b062e
SHA256: 617ed22d9de3e62cec4ab7b8937ad3b501fce778906ab78fa96c89f10d23b72d
SHA512: 2f7a9b7ecd09bfd5a42199b4db0ae7fbb73e1f51f18491b570a65cdb94fccbdb
8fe56218420b85c7f024e20827f3a7dd4fc84318303888e0ceaf817b946243d9
ssdeep: 24576:+29hLNHXgU9fqLYFrY/kO5/5jnD/vbKZiEMWTOVWWp8mFTqUCXdgPiD4RJ
4/sX9K:iLT/T7KtMWTOVWWp8QThPSCFG
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=307676A824E7266C22A91C7942F947001B94DCEA

4)Fichier feeccfacaef.dll reçu le 2009.04.18 20:43:46 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 36/40 (90%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.18 AdWare.Win32.BHO!IK
AhnLab-V3 5.0.0.2 2009.04.18 -
AntiVir 7.9.0.143 2009.04.17 Worm/Autorun.erw.1
Antiy-AVL 2.0.3.1 2009.04.17 -
Authentium 5.1.2.4 2009.04.18 W32/Worm.ALYC
Avast 4.8.1335.0 2009.04.18 Win32:Trojan-gen {Other}
AVG 8.5.0.287 2009.04.18 Worm/Generic.TEI
BitDefender 7.2 2009.04.18 Worm.Generic.43916
CAT-QuickHeal 10.00 2009.04.18 Worm.AutoRun.erw
ClamAV 0.94.1 2009.04.18 -
Comodo 1120 2009.04.18 Worm.Win32.AutoRun.erw
DrWeb 4.44.0.09170 2009.04.18 DLOADER.Trojan
eSafe 7.0.17.0 2009.04.13 Win32.AutoRun.Agent.
eTrust-Vet 31.6.6455 2009.04.14 Win32/Swimnag!generic
F-Prot 4.4.4.56 2009.04.17 W32/Worm.ALYC
F-Secure 8.0.14470.0 2009.04.18 Worm.Win32.AutoRun.erw
Fortinet 3.117.0.0 2009.04.18 W32/AutoRun.ERW!worm
GData 19 2009.04.18 Worm.Generic.43916
Ikarus T3.1.1.49.0 2009.04.18 AdWare.Win32.BHO
K7AntiVirus 7.10.707 2009.04.17 Worm.Win32.AutoRun.erw
Kaspersky 7.0.0.125 2009.04.18 Worm.Win32.AutoRun.erw
McAfee 5588 2009.04.18 W32/Autorun.worm.zz
McAfee+Artemis 5588 2009.04.18 W32/Autorun.worm.zz
McAfee-GW-Edition 6.7.6 2009.04.18 Worm.Autorun.erw.1
Microsoft 1.4502 2009.04.18 Worm:Win32/Autorun.HU
NOD32 4018 2009.04.18 Win32/AutoRun.Agent.FY
Norman 6.00.06 2009.04.17 W32/AutoRun.LLT
nProtect 2009.1.8.0 2009.04.18 Worm/W32.AutoRun.278033
Panda 10.0.0.14 2009.04.18 W32/AutoRun.DJ.worm
PCTools 4.4.2.0 2009.04.17 Worm.Autorun.ERW
Prevx1 V2 2009.04.18 High Risk Worm
Rising 21.25.52.00 2009.04.18 Worm.Win32.Autorun.fee
Sophos 4.40.0 2009.04.18 W32/AutoRun-QD
Sunbelt 3.2.1858.2 2009.04.18 Worm.Win32.AutoRun.erw
Symantec 1.4.4.12 2009.04.18 W32.SillyFDC
TheHacker 6.3.4.0.309 2009.04.16 W32/AutoRun.erw
TrendMicro 8.700.0.1004 2009.04.17 -
VBA32 3.12.10.2 2009.04.12 Worm.Win32.AutoRun.wik
ViRobot 2009.4.18.1685 2009.04.18 Worm.Win32.Autorun.278033
VirusBuster 4.6.5.0 2009.04.18 Worm.AutoRun.FRK
Information additionnelle
File size: 278033 bytes
MD5...: beaa01229dff740e33e981d9f575161a
SHA1..: 840c9607efa2c4581a2880677351591d3a3b15df
SHA256: fceb41d39ef06ec20736bac2f02a214e0817eef954b01e2a393ebe1a97cc1ac6
SHA512: 3f985792c72f99e200e5bf78ade7a0b5c69472091446254583768cdd0837327a
b65607ee55425bdc7e1fd45ca99d8b74b04cbe98aaa2e81dc1cc970a93aa2750
ssdeep: 6144:BEVnokFoqkL6uAyaRGTdRYpAGh1dTE6XeZ9dF0Ymp9:BEVokeLHdRYpDh1R
E5DFXm7
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11905
timedatestamp.....: 0x4970f85c (Fri Jan 16 21:13:00 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1259c 0x12600 6.03 d045f1901eb953089af7a7d9431e12b3
.rdata 0x14000 0x7295 0x7400 6.40 935e215bd013b79ee9dcd89a8c794a73
.data 0x1c000 0xb8c 0xc00 4.17 d73643b10a849e278b799866afc5f115
.rsrc 0x1d000 0x27a8c 0x27c00 8.00 5b1c1f3ea979703a5e3024f0a7126774
.reloc 0x45000 0x1716 0x1800 5.51 83e498f82eeaa9ebf7c702ccb294d24b

( 8 imports )
> KERNEL32.dll: DisableThreadLibraryCalls, CloseHandle, CreateFileW, SetEvent, WinExec, GetDriveTypeW, lstrcmpiW, SetFileAttributesW, Sleep, CreateThread, CreateEventW, WaitForSingleObject, CancelWaitableTimer, CreateWaitableTimerW, SetWaitableTimer, OpenProcess, TerminateProcess, DeleteFileW, GetFileAttributesW, MoveFileExW, GetFileSize, WriteFile, ReadFile, FindResourceExW, LoadResource, LockResource, SizeofResource, GetLogicalDriveStringsW, lstrcpynW, lstrlenW, lstrcmpW, lstrcpyA, lstrlenA, GetLastError, LocalFree, lstrcpyW, LocalAlloc, FormatMessageW, GetComputerNameW, GetLocalTime, GetModuleFileNameW, GetSystemDirectoryW, WideCharToMultiByte, MultiByteToWideChar, GetVersionExW
> MSVCP60.dll: _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, __0_Lockit@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z
> MSVCRT.dll: memset, time, __2@YAPAXI@Z, strlen, _CxxThrowException, __CxxFrameHandler, __0exception@@QAE@ABV0@@Z, __1exception@@UAE@XZ, __0exception@@QAE@ABQBD@Z, strchr, free, __1type_info@@UAE@XZ, _initterm, malloc, _adjust_fdiv, __dllonexit, _onexit, memcpy
> USER32.dll: wsprintfA, GetWindowTextW, wsprintfW, GetWindowTextLengthW, EnumWindowStationsW, EnumDesktopsW, GetWindowThreadProcessId, OpenWindowStationW, CloseDesktop, EnumDesktopWindows, OpenDesktopW
> ADVAPI32.dll: RegCreateKeyExW, RegQueryValueExW, RegQueryValueExA, RegSetValueExW, RegSetValueExA, RegCloseKey
> WININET.dll: HttpOpenRequestW, HttpQueryInfoW, InternetConnectW, InternetOpenW, InternetCrackUrlW, HttpSendRequestW, InternetReadFile, InternetCloseHandle
> SHLWAPI.dll: StrRChrW, StrStrW, StrStrIW, StrToIntW, StrChrW
> PSAPI.DLL: GetModuleBaseNameW

( 10 exports )
i, l, lck, lf, sd, ss, sss, stsss, sup, u
RDS...: NSRL Reference Data Set
-
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=beaa01229dff740e33e981d9f575161a
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=BB1E670F11F84E2B3E93049CF9EB10004ED99DF0
0
crapoulou Posts: 42848 Registration date Status: Moderator, Security contributor Last intervention 8 017
 
Very good.

Download Malwarebytes' Anti-Malware
= = = = >>> By clicking here <<< = = = =

- On the page, click Download Malwarebytes' Anti-Malware
- Save it to the desktop
- Double-click the downloaded file to start the installation process
- When prompted, update Malwarebytes Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update has finished, close Malwarebytes
- Double-click the Malwarebytes icon to relaunch it
- In the Scanner tab, probably open by default,
- Select Perform full scan
- Click Scan
- The scan starts
- At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
- Click OK to continue.
- If malware was detected, click Show Results
- Select everything (or leave it checked) and click Remove Selected. Malwarebytes will delete the files and registry keys and put a copy in quarantine.
- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the Logs tab
- Click on the log to display it.
- Once it is displayed, click Edit at the top of Notepad, then Select All
- Click Edit again, then Copy, and come back to the forum and into your reply
- Right-click in the reply box and Paste

If you need help, see this tutorial HERE
0
worm1982 Posts: 78 Status: Member
 
I downloaded Malwarebytes and can't get it to update. I get the following error message:
Update failed. Check that you are connected to the internet and that your firewall is configured to allow mbam to access the internet.

I know nothing about firewalls, let alone how to configure one. Should I uninstall Total Cleaner?
Thanks
0
crapoulou Posts: 42848 Registration date Status: Moderator, Security contributor Last intervention 8 017
 
Yes, uninstall it.
Start by running a full Malwarebytes scan without updating for now.
0
worm1982 Posts: 78 Status: Member
 
Sorry, but it took 60 minutes to scan.

Here is the mbam report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 6.0.6000

2009-04-18 16:14:01
mbam-log-2009-04-18 (16-14-01).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 166408
Temps écoulé: 54 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 52
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 46

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\ddsme.kl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{52cde0e4-d73b-11dd-9b90-fcc056d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{624f9012-d73b-11dd-95af-61c156d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2502bbd0-d73b-11dd-b4ec-cebf56d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2502bbd0-d73b-11dd-b4ec-cebf56d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2502bbd0-d73b-11dd-b4ec-cebf56d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ddsme.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{de5f80fd-8a16-4e53-a670-25edd1152274} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e21495f-0004-4614-9dc9-6b8f7e5024f5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de5f80fd-8a16-4e53-a670-25edd1152274} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\307206300 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\1683494127 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\FreeHDPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\ProgramData\1683494127\307206300.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\ProgramData\1683494127\config.udb (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\ProgramData\1683494127\init.udb (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\ProgramData\1683494127\Langs.udb (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.
C:\Windows\System32\vumer.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\FreeHDplay\Uninstall.exe (Trojan.DNSChanger) -> Delete on reboot.
C:\ProgramData\ahujarat\klipgfyl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Denis\Downloads\Setup.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktop\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktop\FlashPlayer.v9.012(2).exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktop\FlashPlayer.v9.012.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktop\track-end.v.3.418.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxrrjmoobs.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07HI3GPN\u437[1].jpg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XW3G73AB\g419[1].jpg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Delete on reboot.
C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeHDPlay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Antispyware\SpyCleaner.dll (Rogue.Antispyware) -> Delete on reboot.
C:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Delete on reboot.
C:\Users\Denis\Desktop\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\RECYCLER\S-7-9-37-100019535-100026981-100006319-8488.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Denis\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Protect\svhost2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Internet Explorer\DLLs\trswoddomo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Propriétaire\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gaopdxpqvjndko.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gaopdxyuctoinv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
Empty the Malwarebytes Anti-Malware quarantine.

Try the update again.
If that doesn't work, try reinstalling the tool.
0
worm1982 Posts 78 Status Member
 
I've emptied the quarantine... and do I update mbam after that??? thanks
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
Yes, try the update again.
0
worm1982 Posts 78 Status Member
 
what do I do next
0
worm1982 Posts 78 Status Member
 
update succeeded, thanks
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
Very good.
Then run a full scan again please.
There are still illegitimate files!
0
worm1982 Posts 78 Status Member
 
I can do it but unfortunately I have to leave afterwards and I should be back in 3 hours...
will you still be there? otherwise, how do I go about continuing to get help? do I repost a complete message?
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
Our messages crossed...
0
worm1982 Posts 78 Status Member
 
I can do it but unfortunately I have to leave afterwards and I should be back in 3 hours...
will you still be there? otherwise, how do I go about continuing to get help? do I repost a complete message?
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
If you want to get a head start you can do this:

- Update Malwarebytes Anti Malware.
- Run a full scan, delete what it finds and post the report (as before).
- Download Toolscleaner (we'll use it later).
- Download CCleaner Slim (we'll use it later too).
In 3 hours (at 2:20 a.m...), I don't know, we'll see...
0
worm1982 Posts 78 Status Member
 
I don't know if crapoulou is still here, but otherwise if someone wants to take over it would be appreciated
well, the mbam scan is finished... the scan no longer finds anything

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2002
Windows 6.0.6000

2009-04-18 19:57:39
mbam-log-2009-04-18 (19-57-39).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 167997
Temps écoulé: 54 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
I'm here.
I'm looking.
0
worm1982 Posts 78 Status Member
 
ok, well I posted the mbam scan and it detected no infection... now what do I do
thanks
0
crapoulou Posts 42848 Registration date   Status Moderator, Security contributor Last activity   8 017
 
Download Random's System Information Tool (RSIT) by random/random and save the executable to the Desktop.
= = = = >>> By clicking here <<< = = = =

* Right-click RSIT.exe then select 'Run as administrator' to launch it.
* A first window opens; click Continue (Disclaimer).
* If the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the licence.
* When the analysis is finished, two text files will open (probably in Notepad).
* Post the contents of log.txt.
0
worm1982 Posts 78 Status Member
 
here is the report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Denis at 2009-04-18 20:09:04
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 258 GB (77%) free of 334 GB
Total RAM: 2039 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:17, on 2009-04-18
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Denis\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Denis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Video Flash Object - {1A1BFF7E-BF20-4A85-958B-11CF46C829EC} - C:\Windows\system32\aaclient6464.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Total Cleaner] C:\Program Files\Total Cleaner\totalcleaner.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.superantispyware.com/
O20 - Winlogon Notify: feeccfacaef - C:\Windows\system32\feeccfacaef.dll
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0