Infection Win32:Rootkit-gen [Rtk]
Solved
jerry84 - Posts: 101 - Status: Member
benurrr - Posts: 9766 - Status: Security contributor
Hello,
I accidentally installed antivirusxp 2008 and I can no longer uninstall it. In addition, avast tells me that I have malicious software, "Win32:Rootkit-gen [Rtk]", and every time I put it back in quarantine it shows me a warning again.
What should I do??
I am posting my navilog scan.
Thank you for your help.
Search Navipromo version 3.6.1 commencé le 31/07/2008 à 10:24:35,78
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "mon ordi"
Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\mon ordi\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\micro\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\mon ordi\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\micro\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\mon ordi\menud+~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier Navipromo trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\mon ordi\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\micro\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\mon ordi\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
* Dans "C:\DOCUME~1\micro\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\mTEKkUvw.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 31/07/2008 à 10:26:26,54 ***
12 replies
Here is the hijackthis scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:05, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lphcl67j0e7cl.exe
C:\Program Files\rhcg67j0e7cl\rhcg67j0e7cl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\mon ordi\Application Data\Simply Super Software\Trojan Remover\mjr1F.exe
C:\Documents and Settings\mon ordi\Application Data\Simply Super Software\Trojan Remover\mjr1F.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {28030FA8-2428-4DE6-B0F3-CE9494E1A412} - C:\WINDOWS\system32\urqRLcyV.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {e8ed77f1-7f23-8fdb-45a4-b994f3c07de8} - {8ed70c3f-499b-4a54-bdf8-32f71f77de8e} - C:\WINDOWS\system32\hdbiix.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B2A3C22-4678-41F6-A2D9-A64A3F4C2D11} - C:\WINDOWS\system32\wvUkKETm.dll (file missing)
O3 - Toolbar: fdkowvbp - {C8C4F892-BDDA-4619-A6AB-A9A08E9BF3E1} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphcl67j0e7cl] C:\WINDOWS\system32\lphcl67j0e7cl.exe
O4 - HKLM\..\Run: [SMrhcg67j0e7cl] C:\Program Files\rhcg67j0e7cl\rhcg67j0e7cl.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7241] command /c del "C:\WINDOWS\system32\blphcl67j0e7cl.scr"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O20 - Winlogon Notify: urqRLcyV - C:\WINDOWS\SYSTEM32\urqRLcyV.dll
O21 - SSODL: eqvwamkl - {2794C6AB-B8B5-4187-A181-59AA2D15C6AE} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O20 - Winlogon Notify: urqRLcyV - C:\WINDOWS\SYSTEM32\urqRLcyV.dll
O21 - SSODL: eqvwamkl - {2794C6AB-B8B5-4187-A181-59AA2D15C6AE} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Hello,
Download Malwarebytes: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware. During installation, check that "update", "launch the program" and "full scan" are ticked.
Once it is up to date, the program will start; click the Settings tab and tick the box "Close Internet Explorer during removal".
At the end of the scan, click Show results.
Removing the detected items >>>> click Remove selected or remove all.
If you are asked to restart >>> click "Yes".
Then post the generated report.
While waiting for a reply, you can run another Malwarebytes scan, but in safe mode, because it is much more effective.
How to start in safe mode: tutorial here http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec
Save the generated report so that you can find it again, and post the new report.
Thanks, I have started the scan, but I no longer have any wallpaper settings; as my wallpaper I have a message telling me that I have malware or spyware and that I must download an antivirus.
BEFORE REMOVAL
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2
13:50:01 31/07/2008
mbam-log-7-31-2008 (13-49-55).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 74897
Temps écoulé: 10 minute(s), 24 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 22
Fichier(s) infecté(s): 79
Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e866bb34-b5c1-4473-8577-d1f144cae02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bpbk (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcl67j0e7cl (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\epxs.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\cjklvlnw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\41.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\opnnnNeB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yohvackm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hdbiix.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\$2.TMP (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\10.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\11.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\12.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\vdmbnepv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\$RZ30.TMP (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\wvUkKETm.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\$RZ31.TMP (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\14.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\23.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\24.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\26.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\27.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2B.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\1D.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2D.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\5.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\6.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\7.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\8.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\9.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\13.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2E.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2F.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\30.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\A.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\C.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\31.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\32.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\33.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\rjxfaauj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\34.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\3C.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\3E.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\szwrps.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\UXOJYXE5\CAR6EPRV (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\WLGF4ZGR\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[2] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\S12BW527\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcl67j0e7cl.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\micro\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\micro\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\micro\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
AFTER
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2
13:51:15 31/07/2008
mbam-log-7-31-2008 (13-51-15).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 74897
Temps écoulé: 10 minute(s), 24 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 22
Fichier(s) infecté(s): 79
Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e866bb34-b5c1-4473-8577-d1f144cae02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bpbk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcl67j0e7cl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\epxs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cjklvlnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnnNeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yohvackm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hdbiix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\$2.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\10.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\11.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vdmbnepv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\$RZ30.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkKETm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\$RZ31.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\14.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\23.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\24.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\26.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\27.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\13.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\30.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcl67j0e7cl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\31.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\32.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\33.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rjxfaauj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\34.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\szwrps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\UXOJYXE5\CAR6EPRV (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\WLGF4ZGR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\S12BW527\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcl67j0e7cl.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I got the wallpaper settings back; I'm going to check whether everything is back to normal.
THANK YOU very much for your help
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2
13:50:01 31/07/2008
mbam-log-7-31-2008 (13-49-55).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 74897
Temps écoulé: 10 minute(s), 24 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 22
Fichier(s) infecté(s): 79
Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e866bb34-b5c1-4473-8577-d1f144cae02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bpbk (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcl67j0e7cl (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\epxs.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\cjklvlnw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\41.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\opnnnNeB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yohvackm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hdbiix.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\$2.TMP (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\10.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\11.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\12.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\vdmbnepv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\$RZ30.TMP (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\wvUkKETm.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\$RZ31.TMP (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\14.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\23.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\24.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\26.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\27.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2B.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\1D.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2D.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\5.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\6.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\7.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\8.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\9.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\13.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2E.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\2F.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\30.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\A.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\C.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\31.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\32.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\33.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\rjxfaauj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\34.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\3C.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\3E.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\szwrps.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\UXOJYXE5\CAR6EPRV (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\WLGF4ZGR\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[2] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\S12BW527\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcl67j0e7cl.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\mon ordi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\micro\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\micro\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\micro\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
AFTER
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2
13:51:15 31/07/2008
mbam-log-7-31-2008 (13-51-15).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 74897
Temps écoulé: 10 minute(s), 24 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 22
Fichier(s) infecté(s): 79
Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e866bb34-b5c1-4473-8577-d1f144cae02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bpbk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcl67j0e7cl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\epxs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cjklvlnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnnNeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yohvackm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hdbiix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\$2.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\10.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\11.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vdmbnepv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\$RZ30.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkKETm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\$RZ31.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\14.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\23.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\24.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\26.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\27.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\13.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\30.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcl67j0e7cl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\31.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\32.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\33.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rjxfaauj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\34.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\szwrps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\UXOJYXE5\CAR6EPRV (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\WLGF4ZGR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\S12BW527\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcl67j0e7cl.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\micro\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I've recovered my wallpaper settings; I'll check whether everything is back to normal.
THANK YOU very much for your help
Here is the HijackThis report. However, I can no longer turn automatic updates back on, even when doing it manually.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:10, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: fdkowvbp - {C8C4F892-BDDA-4619-A6AB-A9A08E9BF3E1} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Don't download anything, it's an infection, a sucker trap.
Did you restart as Malwarebytes asked? If so, we continue.
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder in C:\. Restart your computer in Safe Mode.
• Choose your account.
• Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch it.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt
Here is the report. What should I do??
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2
20:03:22 11/08/2008
mbam-log-8-11-2008 (20-03-19).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 77451
Temps écoulé: 16 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rkgtrwkh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e11059e9-1e15-4fdb-b6b1-149e1bed3dd7} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e11059e9-1e15-4fdb-b6b1-149e1bed3dd7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rkgtrwkh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hkwrtgkr.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024065.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024066.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024067.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024068.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024069.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024070.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024071.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024072.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024073.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 3
18:47:00 16/08/2008
mbam-log-8-16-2008 (18-46-52).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 82799
Temps écoulé: 10 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\urqRLcyV.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024065.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024066.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024067.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024068.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024069.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024070.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024071.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024072.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 3
19:33:59 16/08/2008
mbam-log-8-16-2008 (19-33-59).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 83223
Temps écoulé: 12 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP120\A0026531.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP120\A0026546.dll (Trojan.Vundo) -> Delete on reboot.
We continue with Clean.
Download Clean.zip by Malekal.
http://www.malekal.com/download/clean.zip
Unzip it to your desktop (right-click / extract all); you should get a folder named clean.
Open the clean folder on your desktop and double-click clean.cmd
A black window will appear for a moment; leave it open.
Choose option 1, then wait.
Post the resulting report.
To find the report: double-click on => C => double-click on " rapport_clean txt.
And copy/paste it into your next reply.