J'ai un trojan dowloader win32 agent

demonking574 -  
 demonking574 -
Bonjour,
j'ai un trojan dowloader win32 angent depuis 5jour. j'ai vue tout les poste sur ca mais j'ai fait hijack et je ne sais pas quel cases cocher donc je vous demande en aide svp c'est urgent. j'ai kaspersky antivirus qui évite sont téléchargement donc la journée avec le pc allumer je peut pas en avoir plus mais la nuit je peut car je l'éteint. j'ai fait plein d'analyse et ta chaque foi kaspersky il en a que 1le dernier il me demande de redémarer le PC pour le supprimer et ça fait rien donc voila j'ai toujours que 1 trojan dowloader qui me reste mais ca suffit poru casser mon système.
svp aidez moi.
merci d'avance.
Configuration: Windows XP
Firefox 3.0.1

19 réponses

  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    fixer les ligne ne suprime pas l'infection poste ton rapport hijackthis pour analyse stp
    0
  2. demonking574
     
    j'ai fait une analyse avec hijackthis et il ma trouver ca
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:12:06, on 02/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    C:\Program Files\Mypops\ypops.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] "C:\WINDOWS\System32\xRaidSetup.exe" boot
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [CTCheck] "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
    O4 - HKLM\..\Run: [ypops] "C:\Program Files\Mypops\ypops.exe"
    O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" /FU "C:\DOCUME~1\Meuwah\LOCALS~1\Temp\E_S3B.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      Bonjour ;

      telecharge malwarbyte http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware a l'intallation verifie que mise a jour et lançer program et scan complet sont bien cocher

      Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

      A la fin du scan clique sur Afficher les résultats

      Suppression des éléments détectés >>>> clique sur Supprimer la sélection ou supprimer tout
      S'il t'es demandé de redémarrer >>> clique sur "Yes"

      Et tu poste le raport generer
      et on attendant une reponse tu peut refaire un scan malwarbyte mais on mode sans echec car beaucoup plus efficace

      comment demarer on mode sans echec içi tuto http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

      tu enregistre le raport generer de facon a le retrouver et tu poste le nouveau rapport raport
      0
  3. demonking574
     
    voici le rapport
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1015
    Windows 5.1.2600 Service Pack 2

    11:06:00 02/08/2008
    mbam-log-8-2-2008 (11-05-55).txt

    Type de recherche: Examen complet (C:\|D:\|G:\|)
    Eléments examinés: 78603
    Temps écoulé: 23 minute(s), 26 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 15
    Valeur(s) du Registre infectée(s): 8
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 11
    Fichier(s) infecté(s): 32

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\geBsqqOi.dll (Trojan.Vundo) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53b8187a-1724-436c-b6d6-25d4fd8cbe7d} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{53b8187a-1724-436c-b6d6-25d4fd8cbe7d} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhctb1j0e78e (Rogue.Multiple) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsqqoi -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsqqoi -> No action taken.

    Dossier(s) infecté(s):
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Meuwah\Application Data\rhctb1j0e78e\Quarantine\Packages (Rogue.Multiple) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\geBsqqOi.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\iOqqsBeg.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\iOqqsBeg.ini2 (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ebrhqogf.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\fgoqhrbe.ini (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\critical_setup.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{53FFF245-F2AF-497B-98AA-73FDA3A3165C}\RP13\A0008379.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{53FFF245-F2AF-497B-98AA-73FDA3A3165C}\RP16\A0011013.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{53FFF245-F2AF-497B-98AA-73FDA3A3165C}\RP16\A0011016.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{53FFF245-F2AF-497B-98AA-73FDA3A3165C}\RP16\A0011019.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\crlteoiw.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\BMdf40f38e.xml (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\BMdf40f38e.txt (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\blphcpb1j0e78e.scr (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\phcpb1j0e78e.bmp (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Meuwah\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.

    dsl mais le rapport en mode sans echec il sera fait cette apreme je doit partir la cette apreme vers 14h je le met
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      a tu suprimer ? car je voit no action taken va dans quarantaine et suprime car là tu est charger
      0
  4. demonking574
     
    oui j'ai supprimer après que j'ai copier le rapport la mais 3 objet on pas pu être supprimer donc cette apreme je fait celui du mode sans échec et il sera plus la.
    merci je t'afficherai comme même le rapport car la kaspersky ne détecte plus rien du tout alors que avant il détecté tout merci beaucoup .
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. demonking574
     
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1015
    Windows 5.1.2600 Service Pack 2

    13:30:24 02/08/2008
    mbam-log-8-2-2008 (13-30-24).txt

    Type de recherche: Examen complet (C:\|D:\|G:\|)
    Eléments examinés: 78499
    Temps écoulé: 12 minute(s), 48 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53b8187a-1724-436c-b6d6-25d4fd8cbe7d} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53b8187a-1724-436c-b6d6-25d4fd8cbe7d} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsqqoi -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsqqoi -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\geBsqqOi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iOqqsBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iOqqsBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    c'est celui du mode sans echec
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

      http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

      Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié dans C:\. Redémarre ton ordinateur en mode sans échec

      • Choisis ton compte.

      • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour le lancer

      • Appuie sur Y pour commencer le processus de nettoyage.

      • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

      • Appuie sur une touche pour redémarrer le PC.

      • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

      • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

      • Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.

      • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

      • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
      0
  7. demonking574
     
    [b]SDFix: Version 1.211 [/b]
    Run by Meuwah on 02/08/2008 at 13:44

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt10.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt102.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt105.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt106.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt10E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt11.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt110.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt111.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt112.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt114.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt116.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt117.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt119.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt11F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt12.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt122.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt123.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt124.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt127.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt12E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt13.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt130.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt131.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt132.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt134.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt135.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt136.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt138.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt13D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt14.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt140.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt142.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt148.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt16.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt160.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt165.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt16A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt16D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt17.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt176.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt178.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt17A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt17C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt17F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt18.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt181.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt183.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt185.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt187.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt19.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt1A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt1B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt1C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt1D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt1E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt1F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt20.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt207.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt21.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt22.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt23.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt24.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt25.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt26.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt27.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt28.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt29.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt2A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt2B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt2C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt2D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt2E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt2F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt30.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt31.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt32.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt33.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt34.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt35.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt36.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt37.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt38.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt39.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt3A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt3B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt3C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt3D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt3E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt3F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt40.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt41.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt42.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt43.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt44.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt45.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt46.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt47.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt48.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt49.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt4A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt4B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt4C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt4D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt4E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt4F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt50.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt51.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt52.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt53.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt54.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt55.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt56.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt57.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt58.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt59.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt5A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt5B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt5C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt5D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt5E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt5F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt60.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt61.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt62.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt63.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt64.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt65.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt66.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt67.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt68.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt69.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt6A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt6B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt6C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt6D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt6E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt6F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt70.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt71.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt72.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt73.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt74.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt75.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt76.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt77.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt78.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt79.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt7A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt7B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt7C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt7D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt7E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt7F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt80.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt81.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt82.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt83.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt84.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt85.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt86.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt87.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt88.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt89.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt8A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt8B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt8C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt8D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt8E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt8F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt90.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt91.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt92.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt93.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt94.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt95.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt96.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt97.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt98.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt99.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt9A.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt9B.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt9C.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt9D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt9E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt9F.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA0.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA0E.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA2.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA20.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA3.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA34.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA4.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA5.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA6.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttA8.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttAA.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttAE.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttB0.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttB2.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttB4.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttB5.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttB7.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttB8.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttB9.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttBA.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttBC.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttBD.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttBE.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttC0.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttC3.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttC5.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttC6.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttC8.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttCB.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttCD.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttCE.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD0.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD1.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD2.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD3.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD4.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD5.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD7.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttD8.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttDB.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttDC.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttDE.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttDF.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttE0.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttE2.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttE4.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttE5.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttE6.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttE9.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttEB.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttED.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttEF.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttF8.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttFA.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttFB.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.ttFF.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt2E.tmp.vbs - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\.tt83.tmp.vbs - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\tmp5.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\tmp6.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\tmp1D.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\tmp37.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\tmp5.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\tmp6.tmp - Deleted
    C:\DOCUME~1\Meuwah\LOCALS~1\Temp\tmp83.tmp - Deleted
    C:\WINDOWS\system32\nvrsul32.dll - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-02 13:47:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
    "C:\\Program Files\\Steam\\steamapps\\shinoetbullet\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\shinoetbullet\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\french\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\french\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 2009"
    "C:\\Documents and Settings\\Meuwah\\Local Settings\\Temp\\.tt82.tmp"="C:\\Documents and Settings\\Meuwah\\Local Settings\\Temp\\.tt82.tmp:*:Enabled:enable"
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\french\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\french\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 2009"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Wed 23 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    [b]Finished![/b]
    0
  8. demonking574
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:51:41, on 02/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    C:\Program Files\Mypops\ypops.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7F3273AA-C82D-4DDD-9F1B-1DBB10E19D66} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] "C:\WINDOWS\System32\xRaidSetup.exe" boot
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [CTCheck] "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
    O4 - HKLM\..\Run: [ypops] "C:\Program Files\Mypops\ypops.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" /FU "C:\DOCUME~1\Meuwah\LOCALS~1\Temp\E_S3B.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll,
    O20 - Winlogon Notify: mlJYSiJa - mlJYSiJa.dll (file missing)
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      fais msnfix

      Télécharge MSNFix de Laurent
      http://sosvirus.changelog.fr/MSNFix.zip

      Décompresse-le et place les fichiers dans C:\MSNFix (très important).
      - et double clic sur le fichier MSNFix.bat.
      - Exécute l'option R.
      --Si l'infection est détectée, sa te le marque en haut de la fenetre
      exécute l'option N
      - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

      Note :
      Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
      Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
      0
  9. demonking574
     
    MSNFix 1.736

    C:\Documents and Settings\Meuwah\Bureau\MSNFix
    Fix exécuté le 02/08/2008 - 13:58:01,46 By Meuwah
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\system32\mcrh.tmp
    ... C:\WINDOWS\system32\mcrh.tmp

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\mcrh.tmp
    .. OK ... C:\WINDOWS\system32\mcrh.tmp

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    Aucun Fichier trouvé

    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

    [C:\WindowsXP-KB835935-SP2-FRA.exe] 3D69B05E454FF7FCE91670D4E3E9F473

    [color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Meuwah\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02082008_14004842.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,

    Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      fait un scan antivirus en ligne içi

      http://www.bitdefender.fr/scan8/ie.html

      0
  10. demonking574
     
    je ne voit pas ou faut cliquer pour en faire un des online scan dsl je ne sais pas la
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      http://www.bitdefender.fr/scan_fr/scan8/ie.html la case rouge tu clic sur accepte

      tu apres tu clic sur demarer scan

      0
  11. demonking574
     
    je ne peut pas il me demande la derrière version de internet explorer et je ne l'ai pas je la dl et quand je l'installe il me dit que un objet du win32 n'est pas une image valide
    0
  12. demonking574
     
    c'est l'aplication update/iesetup.exe
    0
  13. demonking574
     
    j'en ai profiter pour faire une analyse avec fixwareout et le rapport et celui ci
    Username "Meuwah" - 02/08/2008 22:19:07 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Impossible de vider la cache de résolution DNS : La fonction a échoué lors de l'exécution.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="C:\\WINDOWS\\RaidTool\\xInsIDE.exe"
    "36X Raid Configurer"="\"C:\\WINDOWS\\System32\\xRaidSetup.exe\" boot"
    "P17Helper"="Rundll32 P17.dll,P17Helper"
    "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="\"nwiz.exe\" /install"
    "NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "NeroFilterCheck"="\"C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NeroCheck.exe\""
    "NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
    "CTCheck"="\"C:\\Program Files\\Creative\\Creative ZEN\\ZEN Media Explorer\\CTCheck.exe\""
    "ypops"="\"C:\\Program Files\\Mypops\\ypops.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
    "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
    "EPSON Stylus DX8400 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICEE.EXE\" /FU \"C:\\DOCUME~1\\Meuwah\\LOCALS~1\\Temp\\E_S3B.tmp\" /EF \"HKCU\""
    "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      fixwareout on s'on sert dans une infection wareout qui normalement se trouve on 017 dans hijack et il 'y'on a qui sont legitime et d'autre illegitime toi ton rapport etaitpropre de se coter là j'ai contacter un ancien et je te tient au courant

      par curiositer qui ta conseiller fixwareout ?
      0
  14. demonking574
     
    ok merci
    oui pour fixwareout je l'avais sur le bureau donc je l'ai lancer et je l'ai mi sur le forum au cas ou
    0
  15. demonking574
     
    juste pour savoir je pourrai pas récupérer juste l'applicable iesetup.exe
    0
  16. demonking574
     
    ou i je n'est plus de trojan dowloader win32 agent mais un cheval de troie heur.trojan.generic
    car hier soir j'ai fait un analyse et il ma choper 2 comme ca tu ma supprimer les autre je te remercie déjà mais si tu pouvais m'aider a supprimer ce la je serai super content car ceux la je ne sais pas comment je l'ai ai eu
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      bonjour

      repasse malwarbyte et scan complet en mode sans echec et apres continue le nettoyage
      0
  17. demonking574
     
    ok merci je vais le fait cette apreme le scan car la j'ai pas du tout le temps
    0
  18. demonking574
     
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1015
    Windows 5.1.2600 Service Pack 2

    14:52:38 03/08/2008
    mbam-log-8-3-2008 (14-52-38).txt

    Type de recherche: Examen complet (C:\|D:\|G:\|)
    Eléments examinés: 72591
    Temps écoulé: 29 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  19. demonking574
     
    j'ai un pote qui ma conseiller spyeraser en version d'essai et il m'en a trouver 2 que j'ai suprimer
    0
  20. demonking574
     
    les virus était dans le registre des clée et un autre dans les cookies
    0