Sujet Précédent Sujet Suivant

Victime de Antivirus xp 2008 de l'aide svp

Résolu/Fermé
DeeAmo - 12 juil. 2008 à 22:44
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 - 14 juil. 2008 à 22:32
Bonjour, j'ai lus quelques post donc voilà mon rapport hijackthis merci de m'aider
ps:(je n'y connais pas grand chose en informatique)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:42, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\tsdcdsfe.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {36274467-48E2-4E14-8BC7-A65C486D6589} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\J52EEOZ8\3077ahntdksr[1].dll
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\WINDOWS\system32\qoMcawxw.dll
O2 - BHO: {2a0d661f-1798-f8b8-0014-6abb42abb01e} - {e10bba24-bba6-4100-8b8f-8971f166d0a2} - C:\WINDOWS\system32\jmmypa.dll
O2 - BHO: (no name) - {FAC1FD87-D9B0-4947-9C8B-3C9E081885DB} - C:\WINDOWS\system32\jkkJAQjK.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [BM7be44a39] Rundll32.exe "C:\WINDOWS\system32\bkknhkqx.dll",s
O4 - HKLM\..\Run: [78d779a5] rundll32.exe "C:\WINDOWS\system32\mbkfbbio.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [77oQHDZ5lf] C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMcawxw - C:\WINDOWS\SYSTEM32\qoMcawxw.dll
O21 - SSODL: setcom - {752BCA1B-42D5-8288-E6FD-050FFE506C88} - C:\Program Files\qbfhvwc\setcom.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
A voir également:

21 réponses

  • 1
  • 2
Réponse 1 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
14 juil. 2008 à 12:00
Option 2 - Nettoyage :


Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).

Double cliquer sur smitfraudfix

Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.


Redémarrer en mode normal et poster le rapport.

ensuite refais une analyse complete avec malwarebytes stp et poste son rapport
1
Réponse 2 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
12 juil. 2008 à 22:45
Salut !!

pour commencer :

Option 1 - Recherche :


télécharger smitfraudfix : http://telechargement.zebulon.fr/smitfraudfix.html

Dézipper la totalité de l'archive smitfraudfix.zip.

Double cliquer sur smitfraudfix.cmd
Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

copier/coller le rapport dans la réponse.
0
Réponse 3 / 21
DeeAmo
13 juil. 2008 à 12:41
Je te remercie pou ta réponse rapide voilà le rapport :

SmitFraudFix v2.329

Rapport fait à 12:34:50,13, 13/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\yvevqxgl.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 4 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 juil. 2008 à 12:44
ok maintenant fais tout ce qui suit :

Option 2 - Nettoyage :


Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).

Double cliquer sur smitfraudfix.cmd

Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.


Redémarrer en mode normal et poster le rapport.

ensuite :

Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread


= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection

un rapport s'ouvre le copier et le coller dans la réponse

Puis redémarrer le pc !!

ensuite :

Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

déconnecte internet et désactive ton antivirus le temps de la manipulation



=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau

Et refais un nouveau rapport hijackthis stp
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
DeeAmo
13 juil. 2008 à 13:34
j'ai terminé la première étape voilà le rapport par contre le fix na pas déterminer si le fichier wininet.dll est infecté je recommence ou passe a la suite?

SmitFraudFix v2.329

Rapport fait à 13:19:12,17, 13/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 6 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 juil. 2008 à 13:36
non c est bon, tu peux faire la suite
0
Réponse 7 / 21
DeeAmo
13 juil. 2008 à 14:32
Voilà les 3 rapports dans l'ordre

Malware :

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 942
Windows 5.1.2600 Service Pack 2

14:05:34 13/07/2008
mbam-log-7-13-2008 (14-05-34).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 108720
Temps écoulé: 27 minute(s), 6 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 9
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 42

Processus mémoire infecté(s):
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcngtj0eedt.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\pphcngtj0eedt.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mlJASJyA.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkJAQjK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mbkfbbio.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mlJATMgf.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qoMcawxw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3033e73-7fd3-4afc-bed9-e11d30ea7571} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3033e73-7fd3-4afc-bed9-e11d30ea7571} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb0e4c2-2dd5-4a5b-86a8-b8a3c8d8b05c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ccb0e4c2-2dd5-4a5b-86a8-b8a3c8d8b05c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fac1fd87-d9b0-4947-9c8b-3c9e081885db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fac1fd87-d9b0-4947-9c8b-3c9e081885db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomcawxw (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78d779a5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm7be44a39 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcngtj0eedt (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mlJATMgf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fgMTAJlm.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fgMTAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJASJyA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\AyJSAJlm.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\AyJSAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJAQjK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KjQAJkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KjQAJkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbkfbbio.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oibbfkbm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcawxw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (Trojan.Pakes) -> Delete on reboot.
C:\Program Files\rhcjgtj0eedt\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014212.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014213.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014214.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP37\A0014374.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oydbkgcv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BM7be44a39.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM7be44a39.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcngtj0eedt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcngtj0eedt.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcngtj0eedt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


Le 2nd VBG:


[07/13/2008, 14:18:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Bureau\VirtumundoBeGone.exe" )
[07/13/2008, 14:18:45] - Detected System Information:
[07/13/2008, 14:18:45] - Windows Version: 5.1.2600, Service Pack 2
[07/13/2008, 14:18:46] - Current Username: Julien (Admin)
[07/13/2008, 14:18:46] - Windows is in NORMAL mode.
[07/13/2008, 14:18:46] - Searching for Browser Helper Objects:
[07/13/2008, 14:18:46] - BHO 1: {1aa87772-d4b9-4df0-bbb2-a7587d8ef94c} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\hcsion
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\hcsion, continuing.
[07/13/2008, 14:18:46] - BHO 2: {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\3077ahntdksr[1]
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\3077ahntdksr[1], continuing.
[07/13/2008, 14:18:46] - BHO 3: {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\cqelarhn
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\cqelarhn, continuing.
[07/13/2008, 14:18:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/13/2008, 14:18:46] - BHO 5: {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\mlJASJyA
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\mlJASJyA, continuing.
[07/13/2008, 14:18:46] - Finished Searching Browser Helper Objects
[07/13/2008, 14:18:46] - Finishing up...
[07/13/2008, 14:18:46] - Nothing found! Exiting...


et le rapport hijackthis je precise au passage que jai tjrs le le fond decran bleu du "virus"


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:52, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\faditkne.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\test.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: {c49fe8d7-857a-2bbb-0fd4-9b4d27778aa1} - {1aa87772-d4b9-4df0-bbb2-a7587d8ef94c} - C:\WINDOWS\system32\hcsion.dll
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [77oQHDZ5lf] C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: setcom - {752BCA1B-42D5-8288-E6FD-050FFE506C88} - C:\Program Files\qbfhvwc\setcom.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0
Réponse 8 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 juil. 2008 à 14:35
as tu bien redémarrer apres malwarebytes ??
0
Réponse 9 / 21
DeeAmo
13 juil. 2008 à 14:42
oui j'ai suivis toutes les étapes à la lettre
0
Réponse 10 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 juil. 2008 à 14:45
ok...fais ceci :

télécharge OtMoveIt

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.


c:\windows\system32\hcsion.dll
c:\documents and settings\all users\application data\nanidcla\vilclizi.exe



clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa87772-d4b9-4df0-bbb2-a7587d8ef94c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1aa87772-d4b9-4df0-bbb2-a7587d8ef94c}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"77oQHDZ5lf"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"WinUpdating"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Printing Driver"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler à ca une fois enregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"


ensuite refais un nouveau rapport hijackthis stp
0
Réponse 11 / 21
DeeAmo
13 juil. 2008 à 14:54
voilà le rapport

DllUnregisterServer procedure not found in c:\windows\system32\hcsion.dll
c:\windows\system32\hcsion.dll NOT unregistered.
c:\windows\system32\hcsion.dll moved successfully.
c:\documents and settings\all users\application data\nanidcla\vilclizi.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_144927

et le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:32, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\lphcngtj0eedt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\test.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: setcom - {752BCA1B-42D5-8288-E6FD-050FFE506C88} - C:\Program Files\qbfhvwc\setcom.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0
Réponse 12 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 juil. 2008 à 15:09
relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - Global Startup: BTTray.lnk = ?
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe

puis tu cliques sur fix checked.

ensuite :

je ne vois pas d antivirus...télécharge antivir à cette adresse : https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

et voici un tuto pour bien le configurer : https://www.malekal.com/avira-free-security-antivirus-gratuit/

Vas faire les mises à niveau de java et adobe reader à ces adresses :

java : https://www.java.com/fr/download/manual.jsp

adobe reader XP : http://www.clubic.com/lancer-le-telechargement-37823-0-adobe-reader-acrobat.html

et désinstalle les versions antérieures de java et adobe reader

est ce que tu as encore des problemes ??
0
Réponse 13 / 21
DeeAmo
14 juil. 2008 à 00:48
et bien j'ai tjrs entivirus xp 2008 avec un fond d'ecran bleu qui me dit "warning! spyware detected on your computer!"

merci beaucoup de t'attarder sur mon probleme...(jai fai un scan avec antivir en mode sans echec je post le rapport je ne sais pas si sa te sera utile)



Avira AntiVir Personal
Report file date: dimanche 13 juillet 2008 16:24

Scanning for 1419754 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Julien
Computer name: PINGAULT

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:24:32
ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 13:24:37
ANTIVIR3.VDF : 7.0.5.103 247296 Bytes 11/07/2008 13:24:40
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 13/07/2008 13:25:01
AESCN.DLL : 8.1.0.22 119157 Bytes 13/07/2008 13:24:59
AERDL.DLL : 8.1.0.20 418165 Bytes 13/07/2008 13:24:58
AEPACK.DLL : 8.1.1.6 364918 Bytes 13/07/2008 13:24:54
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 13/07/2008 13:24:52
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 13/07/2008 13:24:51
AEHELP.DLL : 8.1.0.15 115063 Bytes 13/07/2008 13:24:45
AEGEN.DLL : 8.1.0.29 307573 Bytes 13/07/2008 13:24:44
AEEMU.DLL : 8.1.0.6 430451 Bytes 13/07/2008 13:24:42
AECORE.DLL : 8.1.0.32 168311 Bytes 13/07/2008 13:24:41
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, G:, E:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 13 juillet 2008 16:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Julien\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.108
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temp\.tt1.tmp.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\3077ahntdksr[1].dll
[DETECTION] Is the Trojan horse TR/ATRAPS.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\CAC9KDCJ
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\kb456456[1]
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\S1FZK65Y\kb671231[1]
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b04770.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\Microsoft Office 2007 Keygen.EXE
[DETECTION] Contains detection pattern of the dropper DR/VB.BZ.1
[NOTE] The file was moved to '48dd4779.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\Microsoft Office 2007-Keygen-.zip
[0] Archive type: ZIP
--> Microsoft Office 2007 Keygen.exe
[DETECTION] Contains detection pattern of the dropper DR/Buzus.kmw.4
[NOTE] The file was moved to '49a002fa.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\RLD-dmc4\Crack\Devil_MayCry4_DX10.exe
[DETECTION] Contains detection pattern of the dropper DR/Monderc.7415296
[NOTE] The file was moved to '48f04c3d.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\RLD-dmc4\Crack\Devil_MayCry4_DX9.EXE
[DETECTION] Contains detection pattern of the dropper DR/Monderc.7401984
[NOTE] The file was moved to '48f04c42.qua'!
C:\Documents and Settings\Julien\Mes documents\Mes fichiers reçus\ADOBE CS3 KEYGEN-CRACK.rar
[0] Archive type: RAR
--> ADOBE CS3 KEYGEN-CRACK\Keygen Photoshop CS3 Extended.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.5
[NOTE] The file was moved to '48c95012.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080713-151659-711.dll
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[NOTE] The file was moved to '48dd562b.qua'!
C:\WINDOWS\system32\alzyuv.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48f45837.qua'!
C:\WINDOWS\system32\bkknhkqx.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e5583c.qua'!
C:\WINDOWS\system32\boohfarm.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e95840.qua'!
C:\WINDOWS\system32\cqelarhn.dll
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[NOTE] The file was moved to '48df5853.qua'!
C:\WINDOWS\system32\faditkne.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48de5856.qua'!
C:\WINDOWS\system32\hsskmbmk.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ed5873.qua'!
C:\WINDOWS\system32\iwsaycaw.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ed5880.qua'!
C:\WINDOWS\system32\kvhcyujy.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e25884.qua'!
C:\WINDOWS\system32\lphcngtj0eedt.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e25880.qua'!
C:\WINDOWS\system32\pphcngtj0eedt.exe
[DETECTION] Is the Trojan horse TR/Fakealert.AG
[NOTE] The file was moved to '48e2589b.qua'!
C:\WINDOWS\system32\qeufjv.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ef5891.qua'!
C:\WINDOWS\system32\qrrdglxo.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ec589f.qua'!
C:\WINDOWS\system32\yvevqxgl.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48df58c4.qua'!
C:\_OTMoveIt\MovedFiles\07132008_144927\documents and settings\all users\application data\nanidcla\vilclizi.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.GX.322
[NOTE] The file was moved to '48e65970.qua'!
Begin scan in 'D:\' <Disque local>
D:\Video\julien\NudgeMania.rar
[0] Archive type: RAR
--> NudgeMania.exe
[DETECTION] Is the Trojan horse TR/Flood.VB.DN.1
[NOTE] The file was moved to '48de5fbb.qua'!
D:\Video\julien\Download\movies-codecs1231.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.NMO
[NOTE] The file was moved to '48f061b0.qua'!
D:\Video\julien\Ragdoll Masters v3.0\LineRider ZaDa V1.3c.exe
[DETECTION] Is the Trojan horse TR/PSW.LdPinch.wob
[NOTE] The file was moved to '48e86595.qua'!
Begin scan in 'G:\' <USB JUJU>
Begin scan in 'E:\' <Nouveau>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: dimanche 13 juillet 2008 22:46
Used time: 6:22:14 min

The scan has been done completely.

8184 Scanning directories
400241 Files were scanned
29 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
24 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
400212 Files not concerned
2517 Archives were scanned
1 Warnings
29 Notes
0
Réponse 14 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
14 juil. 2008 à 11:30
Salut !!

vas vider la quarantaine d antivir et ensuite repasse un coup de smtfraudfix :

double clique sur smitfraudfix puis exécuter

Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

copier/coller le rapport dans la réponse.
0
Réponse 15 / 21
DeeAmo
14 juil. 2008 à 11:39
salut! vila le rapport:

SmitFraudFix v2.329

Rapport fait à 11:36:39,98, 14/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 16 / 21
DeeAmo
14 juil. 2008 à 13:07
rapport smitfraudfix :

SmitFraudFix v2.329

Rapport fait à 12:21:39,71, 14/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

et rapport malware:


Malwarebytes' Anti-Malware 1.20
Version de la base de données: 942
Windows 5.1.2600 Service Pack 2

13:05:51 14/07/2008
mbam-log-7-14-2008 (13-05-51).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 108708
Temps écoulé: 35 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcngtj0eedt.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Réponse 17 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
14 juil. 2008 à 21:28
est ce que tu as encore des soucis avec antivirus XP 2008 ??
0
Réponse 18 / 21
DeeAmo
14 juil. 2008 à 21:39
Non plus de soucis merci de ta patience et merci de m'avoir aider bonne soirée
0
Réponse 19 / 21
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
14 juil. 2008 à 21:53
ok tant mieux...une derniere chose à faire pour terminer :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

Télécharge toolscleaner sur ton Bureau : http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Double-clique sur ToolsCleaner2.bat et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse


Désactive et réactive la Restauration du système :

1 Dans la barre des tâches de Windows, clique sur Démarrer.

2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.

5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
0
Réponse 20 / 21
DeeAmo
14 juil. 2008 à 22:16
Merci voila


-->- Recherche:

C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\HijackThis.lnk: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\HJTInstall.exe: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\HijackThis.lnk: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\HJTInstall.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
Coco71 -

15 réponses
Je veux télécharger google earth 2008
manon45 -
jomana -

18 réponses