Infection Win32:Rootkit-gen [Rtk]

Solved
jerry84 Posts 101 Status Member -
benurrr Posts 9766 Status Security contributor -
Hello,

I accidentally installed antivirusxp 2008 and I can no longer uninstall it; on top of that, avast tells me I have malicious software "Win32:Rootkit-gen [Rtk]", and every time I put it back in quarantine it shows me a warning again.
What should I do??

I am posting my navilog scan.

Thanks for your help

Search Navipromo version 3.6.1 commencé le 31/07/2008 à 10:24:35,78

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "mon ordi"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\mon ordi\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\micro\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\mon ordi\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\micro\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\mon ordi\menud+~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\mon ordi\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\micro\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\mon ordi\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\micro\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\mTEKkUvw.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 31/07/2008 à 10:26:26,54 ***
Configuration: Windows XP
Internet Explorer 6.0

12 replies

  1. jerry84 Posts 101 Status Member 16
     
    Here is the HijackThis scan

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:46:05, on 31/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\lphcl67j0e7cl.exe
    C:\Program Files\rhcg67j0e7cl\rhcg67j0e7cl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\mon ordi\Application Data\Simply Super Software\Trojan Remover\mjr1F.exe
    C:\Documents and Settings\mon ordi\Application Data\Simply Super Software\Trojan Remover\mjr1F.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.asus.com/fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {28030FA8-2428-4DE6-B0F3-CE9494E1A412} - C:\WINDOWS\system32\urqRLcyV.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: {e8ed77f1-7f23-8fdb-45a4-b994f3c07de8} - {8ed70c3f-499b-4a54-bdf8-32f71f77de8e} - C:\WINDOWS\system32\hdbiix.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9B2A3C22-4678-41F6-A2D9-A64A3F4C2D11} - C:\WINDOWS\system32\wvUkKETm.dll (file missing)
    O3 - Toolbar: fdkowvbp - {C8C4F892-BDDA-4619-A6AB-A9A08E9BF3E1} - C:\WINDOWS\fdkowvbp.dll (file missing)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [lphcl67j0e7cl] C:\WINDOWS\system32\lphcl67j0e7cl.exe
    O4 - HKLM\..\Run: [SMrhcg67j0e7cl] C:\Program Files\rhcg67j0e7cl\rhcg67j0e7cl.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7241] command /c del "C:\WINDOWS\system32\blphcl67j0e7cl.scr"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
    O20 - Winlogon Notify: urqRLcyV - C:\WINDOWS\SYSTEM32\urqRLcyV.dll
    O21 - SSODL: eqvwamkl - {2794C6AB-B8B5-4187-A181-59AA2D15C6AE} - C:\WINDOWS\eqvwamkl.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
    1. benurrr Posts 9766 Status Security contributor 107
       
      Hello;

      Download Malwarebytes: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware. During installation, make sure that the update, launch program and full scan options are checked.

      Once it is up to date, the program will launch; click on the Settings tab and tick the box: "Stop Internet Explorer during removal".

      At the end of the scan, click on Show Results.

      Removing the detected items >>>> click on Remove Selected or Remove All
      If you are asked to restart >>> click on "Yes"

      Then post the generated report,
      and while waiting for a reply you can run another Malwarebytes scan, but in safe mode, as it is much more effective.

      How to start in safe mode, tutorial here: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

      Save the generated report so that you can find it again, and post the new report.
      0
  3. jerry84 Posts 101 Status Member 16
     
    Thanks, I started the scan, but I no longer have any wallpaper settings; in place of the wallpaper I have a message telling me that I have malware or spyware and that I must download an antivirus.
    0
  4. jerry84 Posts 101 Status Member 16
     
    BEFORE REMOVAL

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1012
    Windows 5.1.2600 Service Pack 2

    13:50:01 31/07/2008
    mbam-log-7-31-2008 (13-49-55).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 74897
    Temps écoulé: 10 minute(s), 24 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 13
    Valeur(s) du Registre infectée(s): 10
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 22
    Fichier(s) infecté(s): 79

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{e866bb34-b5c1-4473-8577-d1f144cae02c} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\fdkowvbp.bpbk (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcl67j0e7cl (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

    Dossier(s) infecté(s):
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\epxs.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\cjklvlnw.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\41.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\opnnnNeB.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\yohvackm.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\hdbiix.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\$2.TMP (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\10.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\11.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\12.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\vdmbnepv.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\$RZ30.TMP (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\wvUkKETm.dll.vir (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\$RZ31.TMP (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\14.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\23.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\24.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\26.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\27.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\2B.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\1D.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\2D.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\5.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\6.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\7.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\8.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\9.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\13.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\2E.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\2F.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\30.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\A.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\pphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\C.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\31.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\32.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\33.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\rjxfaauj.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\34.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\3C.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\3E.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\szwrps.dll (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\UXOJYXE5\CAR6EPRV (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\WLGF4ZGR\kb456456[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[2] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\S12BW527\kb456456[1] (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\phcl67j0e7cl.bmp (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\mon ordi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\micro\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\micro\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\micro\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.

    AFTER

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1012
    Windows 5.1.2600 Service Pack 2

    13:51:15 31/07/2008
    mbam-log-7-31-2008 (13-51-15).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 74897
    Temps écoulé: 10 minute(s), 24 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 13
    Valeur(s) du Registre infectée(s): 10
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 22
    Fichier(s) infecté(s): 79

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{2bec016c-2ca7-4f1d-a617-eed096dbdaef} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{e866bb34-b5c1-4473-8577-d1f144cae02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fdkowvbp.bpbk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcl67j0e7cl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Application Data\rhcg67j0e7cl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\epxs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cjklvlnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\41.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnnnNeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yohvackm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hdbiix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\$2.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\10.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\11.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\12.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vdmbnepv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\$RZ30.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUkKETm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\$RZ31.TMP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\14.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\23.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\24.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\26.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\27.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\1D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\13.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\30.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pphcl67j0e7cl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\31.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\32.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\33.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rjxfaauj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\34.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\szwrps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\UXOJYXE5\CAR6EPRV (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\WLGF4ZGR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\S12BW527\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcl67j0e7cl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcl67j0e7cl.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcl67j0e7cl.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\mon ordi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\micro\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

    I got my wallpaper settings back; I'm going to check whether everything is back to normal.

    THANK YOU very much for your help
    0
  6. jerry84 Posts 101 Status Member 16
     
    Here is the HijackThis report. However, I can no longer turn automatic updates back on, even when doing it manually.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:27:10, on 31/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: fdkowvbp - {C8C4F892-BDDA-4619-A6AB-A9A08E9BF3E1} - C:\WINDOWS\fdkowvbp.dll (file missing)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
    1. benurrr Posts 9766 Status Security contributor 107
       
      Don't download anything; it's an infection, a trap for the gullible.

      Did you restart as Malwarebytes asked? If so, we continue.

      Download SDFix (created by AndyManchesta) and save it to your Desktop.

      http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

      Double-click SDFix.exe and choose Install to extract it into a dedicated folder in C:\. Restart your computer in Safe Mode.

      • Choose your account.

      • Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch it.

      • Press Y to start the cleaning process.

      • It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.

      • Press a key to restart the PC.

      • Your system will take longer than usual to restart because the tool will keep running and deleting files.

      • After the Desktop loads, the tool will finish its work and display Finished.

      • Press a key to end the script and load your Desktop icons.

      • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
      0
  7. jerry84 Posts 101 Status Member 16
     
    Here is the report. What should I do??

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1012
    Windows 5.1.2600 Service Pack 2

    20:03:22 11/08/2008
    mbam-log-8-11-2008 (20-03-19).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 77451
    Temps écoulé: 16 minute(s), 20 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 17

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\rkgtrwkh.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e11059e9-1e15-4fdb-b6b1-149e1bed3dd7} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{e11059e9-1e15-4fdb-b6b1-149e1bed3dd7} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyphha -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\aHhPYJjl.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\aHhPYJjl.ini2 (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\rkgtrwkh.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\hkwrtgkr.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.BHO) -> No action taken.
    C:\Documents and Settings\mon ordi\Local Settings\Temporary Internet Files\Content.IE5\EFKZP6NY\kb456456[1] (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024065.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024066.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024067.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024068.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024069.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024070.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024071.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024072.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024073.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
    0
    1. benurrr Posts 9766 Status Security contributor 107
       
      Hi

      Delete them, because I see "No action taken".
      0
  8. jerry84 Posts 101 Status Member 16
     
    All the "No action" items are in quarantine; I have to delete them, is that right???
    0
  9. jerry84 Posts 101 Status Member 16
     
    avast still tells me that the memory is infected
    0
  10. jerry84 Posts 101 Status Member 16
     
    ;)
    0
    1. benurrr Posts 9766 Status Security contributor 107
       
      hello

      yes, delete everything that is in quarantine, and yes, your System Restore is infected, but we purge it at the end of the disinfection, because we may still need a restore if something goes wrong, even if it is infected; but don't worry, we'll take care of it at the end
      0
  11. jerry84 Posts 101 Status Member 16
     
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1012
    Windows 5.1.2600 Service Pack 3

    18:47:00 16/08/2008
    mbam-log-8-16-2008 (18-46-52).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 82799
    Temps écoulé: 10 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.Vundo) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrlcyv (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\urqRLcyV.dll (Trojan.BHO) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024065.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024066.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024067.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024068.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024069.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024070.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024071.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP114\A0024072.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ljJYPhHa.dll (Trojan.Vundo) -> No action taken.
    0
  12. buginformatik Posts 2210 Status Contributor 54
     
    Following along:

    Still "No action taken": http://www.zimagez.com/zimage/2008-03-182130.php

    See you
    0
  13. jerry84 Posts 101 Status Member 16
     
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1012
    Windows 5.1.2600 Service Pack 3

    19:33:59 16/08/2008
    mbam-log-8-16-2008 (19-33-59).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 83223
    Temps écoulé: 12 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP120\A0026531.dll (Trojan.Vundo) -> Delete on reboot.
    C:\System Volume Information\_restore{DE52ED27-B825-4F71-8743-745008F416B0}\RP120\A0026546.dll (Trojan.Vundo) -> Delete on reboot.
    0
    1. benurrr Posts 9766 Status Security contributor 107
       
      we continue with Clean

      Download Clean.zip by Malekal.

      http://www.malekal.com/download/clean.zip

      Unzip it onto your desktop (right-click / Extract All); you should get a folder named clean.

      Open the clean folder on your desktop and double-click clean.cmd

      A black window will appear for a moment; leave it open.
      Choose option 1, then wait

      Post the resulting report

      To find the report: double-click => C => double-click "rapport_clean txt".
      and copy/paste it into your next reply
      0