Problème Trojan
Oz-Dream
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, voilà quelque jours ou j'ai attrapé un/des trojans. Je suis pas très doué dans ce domaine mais j'ai lancé synaptec antivirus SpyWare et Ad-Aware pour un scan complet, ils trouvent des trojan.Byteverify trojan.pandex et trojan.Adclicker
je n'arrive pas à m'en débarrassé.
Quand j'essye de surfer ça ouvre automatiquement des fenêtres avec des pubs, ou alors ça me dit que mon ordi est infecté, les mise a jour window sont désactivé automatiquement et je ne peux pas les réactiver, ça desactive tout seul.
J'ai desactiver la restauration du system et lancé les SpyWare et Synaptec, le problème est toujours là.
Je ne sais plus quoi faire
Merci
je n'arrive pas à m'en débarrassé.
Quand j'essye de surfer ça ouvre automatiquement des fenêtres avec des pubs, ou alors ça me dit que mon ordi est infecté, les mise a jour window sont désactivé automatiquement et je ne peux pas les réactiver, ça desactive tout seul.
J'ai desactiver la restauration du system et lancé les SpyWare et Synaptec, le problème est toujours là.
Je ne sais plus quoi faire
Merci
A voir également:
- Problème Trojan
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Virus trojan al11 ✓ - Forum Virus
3 réponses
slt,
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
Salut, j'ai effectué le scan avec Anti-Malware et j'ai supprimer toute les menaces, ça à l'air de bien marcher maintenant. Mais je ne comprend pas pourquoi mes autres antivirus n'ont rien pu faire ?
Je vous colle le rapport
Malwarebytes' Anti-Malware 1.15
Version de la base de données: 837
18:26:29 08/06/2008
mbam-log-6-8-2008 (18-26-29).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 107948
Temps écoulé: 29 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 20
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fccaBUOi.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ihbvpabk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\osfeewsr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifcYPIa.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\nogxfvblvrp.dll (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ccb7375-d591-4405-9501-d35761553d3c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4ccb7375-d591-4405-9501-d35761553d3c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcypia (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99ba268b-4021-4739-9945-3c774217fe75} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99ba268b-4021-4739-9945-3c774217fe75} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c607c322-f4df-44b7-98f5-fcae55badea0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c607c322-f4df-44b7-98f5-fcae55badea0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.btqp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54199af4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\erpobmsw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\adgpfoxs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccabuoi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.FakeAlert) -> Data: c:\windows\system32\fccabuoi -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\905757 (Trojan.BHO) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fccaBUOi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iOUBaccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iOUBaccf.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ihbvpabk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kbapvbhi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsegjcgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgcjgesl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osfeewsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rsweefso.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvpyrcjn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njcrypvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcYPIa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Benjamin\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\DUQF5FRF\css4[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\YG0RYHWM\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\eaps.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mssrv32.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\xbqmfsed.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\nogxfvblvrp.dll (Trojan.FakeAlert) -> Delete on reboot.
a plus
Je vous colle le rapport
Malwarebytes' Anti-Malware 1.15
Version de la base de données: 837
18:26:29 08/06/2008
mbam-log-6-8-2008 (18-26-29).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 107948
Temps écoulé: 29 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 20
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fccaBUOi.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ihbvpabk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\osfeewsr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifcYPIa.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\nogxfvblvrp.dll (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ccb7375-d591-4405-9501-d35761553d3c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4ccb7375-d591-4405-9501-d35761553d3c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcypia (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99ba268b-4021-4739-9945-3c774217fe75} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99ba268b-4021-4739-9945-3c774217fe75} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c607c322-f4df-44b7-98f5-fcae55badea0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c607c322-f4df-44b7-98f5-fcae55badea0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.btqp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54199af4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\erpobmsw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\adgpfoxs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccabuoi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.FakeAlert) -> Data: c:\windows\system32\fccabuoi -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\905757 (Trojan.BHO) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fccaBUOi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iOUBaccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iOUBaccf.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ihbvpabk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kbapvbhi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsegjcgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgcjgesl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osfeewsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rsweefso.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvpyrcjn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njcrypvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcYPIa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Benjamin\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\DUQF5FRF\css4[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\YG0RYHWM\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\eaps.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mssrv32.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\xbqmfsed.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\nogxfvblvrp.dll (Trojan.FakeAlert) -> Delete on reboot.
a plus
les antivirus n'arretent pas tout!!!
______________
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
______________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
______________
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
______________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
