Surinfection Win32:Virut,Win32:Rootkit-gen,tr

Résolu
gorgutz -  
gorgutz Messages postés 260 Statut Membre -
Bonjour,
je viens de me connecter à internet pour la première fois, et je suis déjà surinfécté de virus (Win32:Virut), trojans, rootkits...Je dispose d' avast, mais les bestiaux sont durs à érradiquer et mon système est instable.j ai des difficultés à télécharger et installer des mises à jours windows (mon xp date de 2002, et je tourne encore au service pack 1...).N' y connaissant vraiment rien, je cherche de l aide...D avance merci...
Configuration: Windows XP
Internet Explorer 6.0

22 réponses

  • 1
  • 2
  1. cedric241 Messages postés 3380 Statut Membre 119
     
    comence par ça stp:

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.
    0
    1. gorgutz Messages postés 260 Statut Membre 12
       
      Merci pour ton aide et ta promptitude.Voici le rapport:Malwarebytes' Anti-Malware 1.11
      Version de la base de données: 660

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 43113
      Temps écoulé: 1 hour(s), 0 minute(s), 40 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 4
      Clé(s) du Registre infectée(s): 25
      Valeur(s) du Registre infectée(s): 7
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 2
      Fichier(s) infecté(s): 50

      Processus mémoire infecté(s):
      C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> No action taken.

      Module(s) mémoire infecté(s):
      c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> No action taken.
      c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> No action taken.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrijyvu (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6b81e887 (Trojan.Agent) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmona (Trojan.Downloader) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Application Layer Gateway Service (Backdoor.Bot) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> No action taken.

      Dossier(s) infecté(s):
      C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\Helper (Adware.BHO) -> No action taken.

      Fichier(s) infecté(s):
      c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> No action taken.
      c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\cbdfngim.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\mignfdbc.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\bbhwrqwh.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\dedgjjlm.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\dedgjjlm.ini2 (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\pxdagjqv.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\vqjgadxp.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\Downloaded Program Files\webinst.dll (Trojan.Agent) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\ddos1[1].htm (Trojan.Vundo) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\sdferw[1].htm (Trojan.Agent) -> No action taken.
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I49VGGX3\ddos1[1].htm (Trojan.Vundo) -> No action taken.
      C:\Program Files\MalwareAlarm\MalwareAlarm3.dll (Rogue.Multiple) -> No action taken.
      C:\Program Files\Systerac XP Tools 3\iea.exe (Rogue.PornCleanser) -> No action taken.
      C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001162.dll (Rogue.Multiple) -> No action taken.
      C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> No action taken.
      C:\WINDOWS\system32\ljJCtqQJ.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\pmnOEWPJ.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\rmyvdgca.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> No action taken.
      C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> No action taken.
      C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\MalwareAlarm\pv.exe (Rogue.Malware.Alarm) -> No action taken.
      C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> No action taken.
      C:\WINDOWS\System32\xxywwwxw.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\oqqqiekb.dll (Trojan.Agent) -> No action taken.
      C:\WINDOWS\xpupdate.exe (Trojan.FakeAlert) -> No action taken.
      C:\WINDOWS\system32\ctfmona.exe (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> No action taken.
      C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> No action taken.
      C:\WINDOWS\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
      0
  2. cedric241 Messages postés 3380 Statut Membre 119
     
    rassure moi t as supprimé les infections ??

    car sur ce rapport elles ne sont pas supprimé

    regarde dans rapport/log

    si t as supprime tu devrais avoir un autre rapport
    0
    1. gorgutz Messages postés 260 Statut Membre 12
       
      Oui, désolé...je me suis trompé de rapport...Voici l autre...Malwarebytes' Anti-Malware 1.11
      Version de la base de données: 660

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 43113
      Temps écoulé: 1 hour(s), 0 minute(s), 40 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 4
      Clé(s) du Registre infectée(s): 25
      Valeur(s) du Registre infectée(s): 7
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 2
      Fichier(s) infecté(s): 50

      Processus mémoire infecté(s):
      C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> Unloaded module successfully.
      c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> Unloaded module successfully.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrijyvu (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
      HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6b81e887 (Trojan.Agent) -> Delete on reboot.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmona (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Application Layer Gateway Service (Backdoor.Bot) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> Delete on reboot.

      Dossier(s) infecté(s):
      C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> Delete on reboot.
      c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\cbdfngim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mignfdbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\bbhwrqwh.ini (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\dedgjjlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\dedgjjlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pxdagjqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vqjgadxp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\Downloaded Program Files\webinst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\ddos1[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I49VGGX3\ddos1[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\MalwareAlarm3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\Systerac XP Tools 3\iea.exe (Rogue.PornCleanser) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001162.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ljJCtqQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pmnOEWPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rmyvdgca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\pv.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
      C:\WINDOWS\System32\xxywwwxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\oqqqiekb.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\xpupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ctfmona.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      0
  3. As
     
    Bonjour,
    je viens d'acheter un ordinateur sous système freedos , je n'arrive pas à installer mon xp (ori) , pour cause mon portable ne retrouve pas de lecteur disque dur ou du moins il demande de vérifier les connections ou configurations liées au lecteur du disque dur.
    merci de bien vouloir m'aider
    As
    0
  4. cedric241 Messages postés 3380 Statut Membre 119
     
    réouvre maleware byte
    va dans l onglet quarantaine
    supprime tout

    puis fais ça :

    Télécharge Clean:

    -> http://www.malekal.com/download/clean.zip

    -> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

    Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

    -> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

    http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
    0
    1. gorgutz Messages postés 260 Statut Membre 12
       
      Voilà, voilà! 20/04/2008 a 14:21:50,04

      *** Recherche des fichiers dans C:

      *** Recherche des fichiers dans C:\WINDOWS\

      *** Recherche des fichiers dans C:\WINDOWS\system32
      C:\WINDOWS\system32\i FOUND
      C:\WINDOWS\system32\SBFC.dat FOUND
      C:\WINDOWS\system32\SBRC.dat FOUND
      "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
      "C:\WINDOWS\Downloaded Program Files\CONFLICT.2" FOUND
      "C:\WINDOWS\Downloaded Program Files\CONFLICT.3" FOUND
      "C:\WINDOWS\Downloaded Program Files\CONFLICT.4" FOUND

      *** Recherche des fichiers dans C:\Program Files
      *** Fin du rapport !
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. cedric241 Messages postés 3380 Statut Membre 119
     
    ok réouvre clean et passe l option 2

    puis poste moi le rapport stp
    0
    1. gorgutz Messages postés 260 Statut Membre 12
       
      Voilà la suite:Rapport clean par Malekal_morte - http://www.malekal.com
      Script execute en mode sans echec 20/04/2008 a 14:42:41,03

      Microsoft Windows XP [version 5.1.2600]

      *** Suppression des fichiers dans C:

      *** Suppression des fichiers dans C:\WINDOWS\

      *** Suppression des fichiers dans C:\WINDOWS\system32
      tentative de suppression de C:\WINDOWS\system32\i
      tentative de suppression de C:\WINDOWS\system32\SBFC.dat
      tentative de suppression de C:\WINDOWS\system32\SBRC.dat
      tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
      tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.2"
      tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.3"
      tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.4"

      *** Suppression des fichiers dans C:\Program Files

      *** Suppression des clefs du registre effectuee..
      *** Fin du rapport !
      0
  7. cedric241 Messages postés 3380 Statut Membre 119
     
    ok on continue maintenant fais ça :

    Télécharge HijackThis ici :

    -> https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...
    0
    1. gorgutz Messages postés 260 Statut Membre 12
       
      ok:Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:52:40, on 20/04/2008
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\system32\dllcache\mravsc32.exe
      C:\WINDOWS\System32\inetsrv\inetinfo.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\mqsvc.exe
      C:\WINDOWS\System32\gqezey.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\WINDOWS\System32\mqtgsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Documents and Settings\Nico\Local Settings\Temporary Internet Files\Content.IE5\3YKR72IJ\HiJackThis[1].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
      O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
      O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
      O4 - HKLM\..\Run: [LibreSystem] C:\Program Files\LibreSystem\SysRep.exe
      O4 - HKLM\..\Run: [PCDAS] C:\Program Files\SpyErazer\pcd-as.exe /10003
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [68b2db1b] rundll32.exe "C:\WINDOWS\System32\hwqrwhbb.dll",b
      O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
      O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
      0
  8. cedric241 Messages postés 3380 Statut Membre 119
     
    bon plusieures choses si ton xp est un original :

    instale le SP2 (pack de mise a jours ):

    https://www.01net.com/telecharger/windows/Utilitaire/dll_librairies/fiches/29989.html

    instal aussi internet 7 :

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    apres je te conseil de sésinstaller avast car c est une vrai passoire ( t en a eu le preuve) et instal antivir :

    https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

    puis met le a jours et lance l analyse complete et poste moi le rapport stp
    0
  9. gorgutz Messages postés 260 Statut Membre 12
     
    Rapport avira:
    Avira AntiVir Personal
    Report file date: dimanche 20 avril 2008 17:24

    Scanning for 1218459 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NICOLAS-YH79R6H

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 15:12:55
    ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 15:13:00
    Engineversion : 8.1.0.32
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 15:13:24
    AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 15:13:22
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
    AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 15:13:19
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 15:13:17
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 15:13:15
    AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 15:13:06
    AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 15:13:05
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 15:13:03
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 20 avril 2008 17:24

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
    Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'msdtc.exe' - '1' Module(s) have been scanned
    Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
    Scan process 'mravsc32.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\system32\dllcache\mravsc32.exe'
    Scan process 'cisvc.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'mravsc32.exe' has been terminated
    C:\WINDOWS\system32\dllcache\mravsc32.exe
    [DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
    [NOTE] The file was deleted!

    32 processes with 31 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\hwqrwhbb.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!

    The registry was scanned ( '30' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\upload_moi_NICOLAS-YH79R6H.tar.gz
    [0] Archive type: GZ
    --> upload_moi.tar
    [1] Archive type: TAR (tape archiver)
    --> WINDOWS/System32/mto.exe
    [DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
    --> WINDOWS/System32/yygc.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    --> WINDOWS/System32/gqezey.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> WINDOWS/System32/jvpjbgoz.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> WINDOWS/System32/scctkkh.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    --> WINDOWS/System32/tfsjotr.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> WINDOWS/System32/bpfgar.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    --> WINDOWS/System32/moywed.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> WINDOWS/System32/vscauso.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    --> WINDOWS/System32/yzed.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> WINDOWS/System32/qretpke.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    --> WINDOWS/System32/mljjgded.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> WINDOWS/System32/hwqrwhbb.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> WINDOWS/System32/rqRiJyvu.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> WINDOWS/System32/qoMffCvS.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> WINDOWS/System32/npaoxjra.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\ddos[1].htm
    [DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [WARNING] The file was ignored!
    C:\Documents and Settings\Nico\Local Settings\Temp\_bm1fcmlkY2NudF9oYV9tYV9rdzFfbWE1ZnJz_c29mdA_bm1fX2YyYTQ5MzEwMGJlZTExZGQ5ZGM0ZmZmZmZmY2ZmZmZmX2I0OWI2Y2NmOGY1YjQ1ZjY4MTJmNDMwODJjMmFhN2Yx_.EXE
    [DETECTION] Is the Trojan horse TR/Peed.A.280
    [NOTE] The file was deleted!
    C:\Documents and Settings\Nico\Local Settings\Temp\_ZGlyZWN0bHlvbl9tYTVmcnM_a2V5aW4_a2V5aW4_.exe
    [DETECTION] Is the Trojan horse TR/Peed.A.280
    [WARNING] The file was ignored!
    C:\Program Files\SpyErazer\QuarantineFolder\{362579CF-D429-4992-9E23-03DC3EC767D1}
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP16\A0005634.exe
    [DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP16\A0005635.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001169.exe
    [DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001170.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001171.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001174.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001176.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001177.scr
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001178.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001179.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001180.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001181.exe
    [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001182.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001183.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001184.exe
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001189.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\abzwsiz.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\anlyvs.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\awofuyuc.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\bcslh.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\bocitfj.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\bpfgar.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\bpnx.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\bxmaq.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\bxolgqna.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\cakzznkw.exe
    [DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\cqcrwdmx.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\dlwyyz.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\dpkemvm.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\dqkb.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\dszton.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\dvjeaezu.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\dxeewn.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\dzfe.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\eqoypoh.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\gaxxx.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\ghmkiwj.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\gjjezxqx.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\gqezey.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\hnjb.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\htunbg.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\iqxcx.exe
    [DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\jiuuws.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\jvpjbgoz.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\jxcnb.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\kdlsnqv.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\kopwzp.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\lfxk.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\llnzhw.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\lyxpsqae.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\mevp.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\mljjgded.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\momp.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\moywed.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\mto.exe
    [DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\mugf.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\mugi.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\nkehmhxn.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\nlfywc.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\npaoxjra.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\nutue.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\ohwvnyxn.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\ootfetsr.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\oyjqn.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\powtls.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\puiuxy.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\pwdp.exe
    [DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\qefau.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\qoMffCvS.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\qpag.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\qretpke.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\qunmjmrz.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\rnaifgzv.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\rqRiJyvu.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\rsyn.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\saurucf.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\scctkkh.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\srqzydse.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\stkt.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\swns.exe
    [DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\tbagy.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\tfsjotr.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\tiwxwe.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\tnbesl.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\uddjlabm.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\unosbb.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\upwwn.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\vohltyb.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\vscauso.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\wkigrp.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\xctnr.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\xpiglyei.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\yicy.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\yygc.exe
    [DETECTION] Is the Trojan horse TR/NoUpdate.B.48
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\yzed.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\zhts.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\zoju.exe
    [DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\etc\hosts
    [DETECTION] Is the Trojan horse TR/Qhost.AA
    [NOTE] The file was deleted!
    C:\WINDOWS\Temp\DIL4.tmp
    [DETECTION] Is the Trojan horse TR/Favadd.BF
    [NOTE] The file was deleted!

    End of the scan: dimanche 20 avril 2008 18:00
    Used time: 35:38 min

    The scan has been done completely.

    2202 Scanning directories
    96337 Files were scanned
    122 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    103 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    96215 Files not concerned
    950 Archives were scanned
    5 Warnings
    103 Notes
    0
  10. cedric241 Messages postés 3380 Statut Membre 119
     
    ok il a fait le menage

    refais un scan hijackthis et poste moi le rapport stp
    0
  11. gorgutz Messages postés 260 Statut Membre 12
     
    ok,here we go:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:04, on 20/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Nico\Local Settings\Temporary Internet Files\Content.IE5\3YKR72IJ\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
    O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
    O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  12. cedric241 Messages postés 3380 Statut Membre 119
     
    ok il te reste des infections

    fais ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  13. gorgutz Messages postés 260 Statut Membre 12
     
    rapport combofix:
    ComboFix 08-04-18.3 - Nico 2008-04-20 18:38:53.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.533 [GMT 2:00]
    Endroit: C:\Documents and Settings\Nico\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\dedgjjlm.ini
    C:\WINDOWS\system32\dedgjjlm.ini2

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DHLP

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-20 17:08 . 2008-04-20 17:08 <REP> d-------- C:\Program Files\Avira
    2008-04-20 17:08 . 2008-04-20 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-20 16:54 . 2008-04-20 18:38 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
    2008-04-20 16:47 . 2008-04-20 16:47 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-04-20 16:41 . 2008-04-20 16:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-04-20 16:19 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-20 16:19 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-20 16:19 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-20 16:19 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-20 16:19 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-20 16:19 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-20 16:19 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-20 16:19 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-20 16:19 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-04-20 16:19 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 16:07 . 2008-04-20 16:07 <REP> d-------- C:\Documents and Settings\NetworkService\Menu D‚marrer
    2008-04-20 15:51 . 2008-04-20 16:09 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-04-20 15:44 . 2004-08-19 16:09 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
    2008-04-20 15:44 . 2004-08-19 16:10 32,768 --a------ C:\WINDOWS\system32\snmp.exe
    2008-04-20 15:44 . 2004-08-19 16:10 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
    2008-04-20 15:42 . 2008-04-20 15:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-20 15:42 . 2004-08-19 16:09 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
    2008-04-20 15:26 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02423_.tmp
    2008-04-20 15:17 . 2008-04-20 15:48 <REP> d-------- C:\WINDOWS\EHome
    2008-04-20 15:08 . 2008-04-20 15:08 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
    2008-04-20 12:04 . 2008-04-20 12:04 <REP> d-------- C:\Documents and Settings\Nico\Application Data\Malwarebytes
    2008-04-20 12:03 . 2008-04-20 13:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-20 12:03 . 2008-04-20 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-20 12:03 . 2008-04-20 12:03 74,752 --a------ C:\scxxsjah.exe
    2008-04-20 10:28 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-04-20 09:49 . 2008-04-20 13:11 1,541,089 ---hs---- C:\WINDOWS\system32\bbhwrqwh.ini
    2008-04-20 09:46 . 2008-04-20 09:46 118 --a------ C:\WINDOWS\system32\ymgokcbp.bat
    2008-04-20 09:06 . 2008-04-20 09:47 1,540,677 ---hs---- C:\WINDOWS\system32\hcqbtvso.ini
    2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
    2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
    2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
    2008-04-20 08:51 . 2004-08-03 23:04 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
    2008-04-20 08:51 . 2003-04-24 14:00 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
    2008-04-20 08:51 . 2004-08-03 23:04 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
    2008-04-20 08:51 . 2003-04-24 14:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
    2008-04-20 08:51 . 2003-04-24 14:00 31,360 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
    2008-04-20 08:49 . 2003-04-24 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-04-20 08:48 . 2003-04-24 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-04-20 08:47 . 2003-04-24 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-04-20 08:42 . 2008-04-20 08:42 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-04-20 08:41 . 2004-08-19 16:09 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2008-04-20 08:41 . 2003-04-24 14:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
    2008-04-20 08:41 . 2003-04-24 14:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
    2008-04-20 08:41 . 2003-04-24 14:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
    2008-04-20 08:25 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET22.tmp
    2008-04-19 18:41 . 2008-04-19 18:41 <REP> d-------- C:\Program Files\Google
    2008-04-19 14:53 . 2008-04-19 16:26 4 --a------ C:\WINDOWS\scanreg.ini
    2008-04-19 14:49 . 2005-02-01 14:49 12 --a------ C:\WINDOWS\system32\wsxttime.sys
    2008-04-19 14:37 . 2008-04-20 16:57 <REP> d-------- C:\Program Files\Systerac XP Tools 3
    2008-04-19 14:36 . 2008-04-19 14:36 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-04-19 14:23 . 2008-04-20 16:55 <REP> d-------- C:\Program Files\SpyErazer
    2008-04-19 14:23 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2008-04-19 14:23 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-04-19 14:23 . 2008-04-19 14:23 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-04-19 14:23 . 2008-04-19 14:23 3,120 --a------ C:\WINDOWS\118294.78
    2008-04-19 14:23 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-04-19 11:30 . 2008-04-20 16:46 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-04-19 11:30 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-19 11:27 . 2008-04-19 11:27 <REP> d-------- C:\WINDOWS\system32\bits
    2008-04-19 11:26 . 2004-08-19 16:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-04-19 11:26 . 2004-08-19 16:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-04-19 11:26 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2008-04-19 11:26 . 2004-08-19 16:09 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2008-04-19 11:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-19 11:20 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-19 11:18 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-04-19 11:18 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-04-19 11:18 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-04-19 11:18 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-04-19 11:18 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-04-19 11:18 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-04-19 11:18 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-04-19 11:18 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-04-19 10:59 . 2008-04-20 12:05 2 --a------ C:\1756552116
    2008-04-19 09:19 . 2007-01-25 16:37 4,027,456 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
    2008-04-19 09:18 . 2008-04-19 09:18 <REP> d-------- C:\Program Files\Realtek AC97
    2008-04-19 09:18 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2008-04-19 09:18 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
    2008-04-19 09:17 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
    2008-04-19 09:01 . 2008-04-19 09:01 <REP> d---s---- C:\Documents and Settings\Nico\UserData
    2008-04-19 07:22 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-04-19 07:19 . 2008-04-20 11:38 109,756 --a------ C:\WINDOWS\BM6b81e887.xml
    2008-04-19 06:43 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET1B.tmp
    2008-04-19 06:43 . 2003-04-24 14:00 13,923 -ra------ C:\WINDOWS\SET27.tmp
    2008-04-18 00:44 . 2008-04-18 00:44 116 --a------ C:\WINDOWS\system32\nbsven.bat
    2008-04-17 18:07 . 2008-04-19 19:26 425,459 --a------ C:\Documents and Settings\Nico\scan.dat
    2008-04-17 18:06 . 2008-04-17 18:06 114 --a------ C:\WINDOWS\system32\hjkh.bat
    2008-04-17 18:03 . 2008-04-17 18:03 123 --a------ C:\WINDOWS\system32\ikye.bat
    2008-04-17 17:59 . 2008-04-17 17:59 0 -ra------ C:\WINDOWS\system32\TFTP672
    2008-04-17 17:50 . 2008-04-17 17:50 <REP> d-------- C:\Documents and Settings\Nico\Application Data\libresystem
    2008-04-17 17:45 . 2008-04-17 17:45 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
    2008-04-17 17:44 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-04-17 17:23 . 2008-04-17 17:23 121 --a------ C:\WINDOWS\system32\unnpqyed.bat
    2008-04-16 21:38 . 2003-04-24 14:00 28,160 --a--c--- C:\WINDOWS\system32\dllcache\msoobe.exe
    2008-04-16 21:33 . 2004-08-19 15:52 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
    2008-04-16 21:22 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET19.tmp
    2008-04-16 21:22 . 2003-04-24 14:00 13,923 -ra------ C:\WINDOWS\SET25.tmp
    2008-04-16 19:30 . 2008-04-16 19:30 <REP> d-------- C:\Documents and Settings\Daphn‚
    2008-04-16 19:19 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-04-16 19:19 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-04-16 19:19 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-04-16 19:18 . 2008-04-16 19:18 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-16 18:58 . 2008-04-16 18:58 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-16 18:54 . 2008-04-16 18:54 0 -ra------ C:\WINDOWS\system32\TFTP5412
    2008-04-16 18:40 . 2008-04-16 18:40 13,736 --a------ C:\WINDOWS\system32\wpa.bak
    2008-04-16 18:39 . 2008-04-16 18:39 0 -ra------ C:\WINDOWS\system32\TFTP3304
    2008-04-16 18:24 . 2008-04-16 18:24 <REP> d-------- C:\Program Files\Rockstar Games
    2008-04-08 19:32 . 2008-04-08 19:32 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-04-08 19:28 . 2008-04-08 19:28 0 --a------ C:\WINDOWS\frontpg.ini
    2008-04-08 19:27 . 2008-04-08 19:27 <REP> d-------- C:\WINDOWS\IIS Temporary Compressed Files
    2008-04-08 19:25 . 2008-04-08 19:26 <REP> d-------- C:\WINDOWS\system32\msmq
    2008-04-07 05:12 . 2008-04-19 19:20 <REP> d-------- C:\Documents and Settings\Nico\Application Data\MSN6
    2008-04-07 05:12 . 2008-04-07 05:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-04-07 05:05 . 2008-04-07 05:05 <REP> d---s---- C:\WINDOWS\system32\Microsoft
    2008-04-07 05:05 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-05 05:54 --------- d-----w C:\Program Files\Services en ligne
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1bd9becd-055a-4dba-9041-1c0a24c4026d}]
    C:\WINDOWS\System32\npaoxjra.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-19 18:41 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "Microsoft Anivirus Monitor Process"="antiv.exe" []
    "Microsft Security Monitor Process"="mssmpp.exe" []
    "cookw"="C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" [ ]
    "SBI"="C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Anivirus Monitor Process"="antiv.exe" []
    "Microsft Security Monitor Process"="mssmpp.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-19 16:09]
    S2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe" []

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-20 18:43:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\snmp.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-20 18:46:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-20 16:46:49

    Pre-Run: 32,560,791,552 octets libres
    Post-Run: 32,595,222,528 octets libres

    219
    0
  14. cedric241 Messages postés 3380 Statut Membre 119
     
    refais un scan hijackthis et poste le rapport stp
    0
  15. gorgutz Messages postés 260 Statut Membre 12
     
    --Le voici:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:08:11, on 20/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Nico\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
    O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
    O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  16. cedric241 Messages postés 3380 Statut Membre 119
     
    supprime ces lignes:

    O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)

    O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
    O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
    O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start

    O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe

    pour les supprimer tu les coches ensuite tu clic sur fix checked

    apres fais ça :

    Démarrer > executer > ' services.msc ' ,

    - Clic droit sur le service cité - Distributed Allocated Memory Unit
    - propriétés
    - et dans "type de démarrage" et mets le sur « désactivé ».
    - Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

    Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

    2) Supprime le dossier :

    Va dans "C:\WINDOWS\system32\trouve et supprime le dossier dllcache
    0
    1. gorgutz Messages postés 260 Statut Membre 12
       
      ok...

      -
      Pas de pain, pas de gain!
      0
  17. cedric241 Messages postés 3380 Statut Membre 119
     
    ok refais un scan hijackthis et poste le nouveau rapport stp
    0
  18. gorgutz Messages postés 260 Statut Membre 12
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46:33, on 20/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Nico\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  19. cedric241 Messages postés 3380 Statut Membre 119
     
    ton rapport est propre mis a part cette ligne:

    O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)

    pour l enlever

    il faut faire ceci :

    Démarrer > executer > ' services.msc ' ,

    - Clic droit sur le service cité - Distributed Allocated Memory Unit
    - propriétés
    - et dans "type de démarrage" et mets le sur « désactivé ».
    - Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

    Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

    2) Supprime le dossier :

    Va dans cherche et supprime ce fichier :
    C:\WINDOWS\system32\dllcache\mravsc32.exe
    0
  20. gorgutz Messages postés 260 Statut Membre 12
     
    je ne trouve pas le fichier C:\WINDOWS\system32\dllcache\mravsc32.exe,malgré une recherche poussée...
    0
  21. cedric241 Messages postés 3380 Statut Membre 119
     
    ok si tu le trouve supprme le

    _Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
    En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
    De plus ils sont mis régulièrement à jours.

    ? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

    ? Double clique sur ToolsCleaner2.exe >
    ? Clique sur .Recherche
    ? puis sur Suppression quand la liste est trouvée.
    ? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

    CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
    Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

    Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

    Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
    0
    1. gorgutz Messages postés 260 Statut Membre 12
       
      un message d erreur apparait: impossible d importer C:\Sauv.reg.Voici le seul rapport dont je dispose:
      ---->- Recherche:

      C:\Qoobox: trouvé !
      C:\Documents and Settings\Nico\Bureau\ComboFix.exe: trouvé !
      C:\Documents and Settings\Nico\Bureau\HijackThis.exe: trouvé !
      C:\Documents and Settings\Nico\Bureau\Clean: trouvé !
      C:\Documents and Settings\Nico\Bureau\Clean\Clean: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\Nico\Bureau\ComboFix.exe: supprimé !
      C:\Documents and Settings\Nico\Bureau\HijackThis.exe: supprimé !
      C:\Qoobox: supprimé !
      C:\Documents and Settings\Nico\Bureau\Clean: supprimé !

      Fichiers temporaires nettoyés !
      Sauvegarde du registre crée!
      Pas de pain, pas de gain!
      0
  • 1
  • 2