Stubborn trojan

guillaume___
Hello,

I unfortunately opened and extracted a .rar file that I should have sent straight to the trash... and as a result here I am, infected in my turn...
I ran Malwarebytes' Anti-Malware, as well as CCleaner to repair the registry, in safe mode, and it deleted many files, but every time I reboot, Avast detects a file f:/temp/40_1.exe that it can't delete... and then it's the parade of windows and fake security programs launching.

I also tried running ComboFix, but each time it crashes ("the command interpreter has stopped working..."). I should mention that I'm on an Asus laptop with Vista.

Here is the HijackThis result, hoping someone can answer me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46, on 2008-08-02
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Guillaume\AppData\Roaming\Adobe\Manager.exe
C:\ProgramData\ehavifwh\yrstmxqz.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\moi\Avast4\ashDisp.exe
C:\Program Files\moi\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\moi\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\nqtylyds.exe
C:\Program Files\moi\jeux\Warcraft III\adon\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
F:\temp\HDVideodll_ver1.5913.0.exe
C:\Windows\system32\cmd.exe
F:\temp\sfsrv.exe
C:\Windows\system32\conime.exe
C:\Windows\VFind.exe
C:\Program Files\moi\Firefox\firefox.exe
C:\Program Files\moi\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myescrouen.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
F3 - REG:win.ini: run=C:\Users\Guillaume\AppData\Roaming\Adobe\Manager.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {54EF0797-AF80-4CF5-AB0C-7E87CCEC3E0B} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\moi\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\moi\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\moi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\moi\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\moi\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdmWeb] C:\Windows\system32\kbyxorkl.exe
O4 - HKCU\..\Run: [setact] C:\Windows\system32\nqtylyds.exe
O4 - HKCU\..\Run: [smartsrv] C:\Windows\system32\lalcvoli.exe
O4 - HKCU\..\Run: [strmsg] C:\Windows\system32\tuputmhw.exe
O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKLM\..\Policies\Explorer\Run: [1v5Ym3a0PE] C:\ProgramData\ehavifwh\yrstmxqz.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\moi\jeux\Warcraft III\adon\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\moi\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\moi\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\moi\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\moi\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\moi\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\moi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
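A quick way to pull the entries worth a second look out of a HijackThis log like the one above, as an added example that is not part of the original post or of HijackThis itself: the script below runs a few name-shape and location heuristics over O4 autostart entries, the F3 win.ini entry, running-process paths and orphaned "(no file)" components. The sample lines are copied from the log above plus one benign autostart for contrast; the heuristics (eight random lowercase letters, random folders under ProgramData, temp directories, the Policies\Explorer\Run key) are this example's own rules of thumb and deliberately do not catch everything, as the braviax.exe entry shows.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log above,
# plus one benign autostart (avast!) to show what is *not* flagged.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\ProgramData\ehavifwh\yrstmxqz.exe
C:\Windows\System32\nqtylyds.exe
F:\temp\sfsrv.exe

F3 - REG:win.ini: run=C:\Users\Guillaume\AppData\Roaming\Adobe\Manager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\moi\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKCU\..\Run: [setact] C:\Windows\system32\nqtylyds.exe
O4 - HKLM\..\Policies\Explorer\Run: [1v5Ym3a0PE] C:\ProgramData\ehavifwh\yrstmxqz.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# Heuristics (assumptions of this example, not HijackThis rules): droppers of this
# era favoured eight random lowercase letters for file and folder names, system or
# ProgramData directories, temp folders, and the rarely used Policies\Explorer\Run key.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\programdata")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: run=(?P<cmd>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\\S")


def first_token(cmd):
    """Executable path from a command line: the quoted part, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def suspicious_reasons(path, key=""):
    """List the heuristics a single executable path (and its registry key) trips."""
    p = path.lower()
    directory, _, filename = p.rpartition("\\")
    stem = filename[:-4] if filename.endswith(".exe") else filename
    parent_dir, _, parent_name = directory.rpartition("\\")
    reasons = []
    if RANDOM_NAME.match(stem) and directory in SYSTEM_DIRS:
        reasons.append("eight-letter random file name in a system directory")
    if RANDOM_NAME.match(parent_name) and parent_dir in SYSTEM_DIRS:
        reasons.append("eight-letter random folder under a system directory")
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("runs from a temp directory")
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run autostart (rarely used legitimately)")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if (m := O4_RE.match(line)):
            reasons = suspicious_reasons(first_token(m["cmd"]), m["key"])
        elif (m := F3_RE.match(line)):
            # win.ini run= is a legacy autostart that current software does not use
            reasons = ["win.ini run= entry"] + suspicious_reasons(first_token(m["cmd"]))
        elif PROC_RE.match(line):
            reasons = suspicious_reasons(line)
        elif "(no file)" in line:
            reasons = ["registered component whose file is missing"]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

On the sample, seven lines are flagged: the two randomly named processes, the process under F:\temp, the win.ini entry, the setact and Policies\Explorer\Run values, and the orphaned BHO. The avast! value and taskeng.exe pass, but so does braviax.exe (seven letters, a dictionary-like name), which Malwarebytes only identified by signature later in the thread. Name-shape heuristics shorten the list to look at; they do not replace a signature scan or a hash lookup.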

6 replies

benurrr  Posts: 9766  Status: Security contributor  107
 
Hello; do this while we look at your HijackThis log

Download Malwarebytes http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware . During installation, check that "Update" and "Launch program" and "Full scan" are ticked.

Once it's up to date, the program will launch; click on the Settings tab and tick the box: "Terminate Internet Explorer during removal".

At the end of the scan, click Show Results

Removing the detected items >>>> click Remove Selected or Remove All
If you are asked to reboot >>> click "Yes"

And post the generated report
and while waiting for a reply you can redo a Malwarebytes scan, but in safe mode, as it's much more effective

how to start in safe mode, tutorial here http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

save the generated report so you can find it again, and post the new report
guillaume___
 
Thanks for your quick reply.

I'll redo a scan with Malwarebytes' Anti-Malware to give an up-to-date report.

For information, here are 2 logs that were generated during my previous scans:

the first:
Malwarebytes' Anti-Malware 1.24
Database version: 1013
Windows 6.0.6001 Service Pack 1

08:13:00 01/08/2008
mbam-log-8-1-2008 (08-13-00).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|M:\|)
Objects scanned: 162763
Time elapsed: 2 hour(s), 8 minute(s), 4 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 4
Registry Keys Infected: 7
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 19
Files Infected: 26

Memory Processes Infected:
C:\Program Files\rhcvobj0epew\rhcvobj0epew.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\Windows\System32\lphcrobj0epew.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Windows\System32\pphcrobj0epew.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\rhcvobj0epew\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcvobj0epew\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcvobj0epew\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Windows\System32\blphcrobj0epew.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcvobj0epew (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvobj0epew (Rogue.Multiple) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bxwo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcvobj0epew (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrobj0epew (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\rhcvobj0epew (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Delete on reboot.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Delete on reboot.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\rhcvobj0epew\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\elfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\rhcvobj0epew.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\rhcvobj0epew.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcvobj0epew\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Delete on reboot.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080731222232193.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Windows\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\blphcrobj0epew.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\lphcrobj0epew.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\phcrobj0epew.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\pphcrobj0epew.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Users\Invité\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Users\Guillaume\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------------------------------------------------------------------------------
the second:
Malwarebytes' Anti-Malware 1.24
Database version: 1013
Windows 6.0.6001 Service Pack 1

19:08:44 01/08/2008
mbam-log-8-1-2008 (19-08-44).txt

Scan type: Quick Scan
Objects scanned: 44607
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
F:\temp\nszE4F3.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\temp\ac8zt2\edot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\temp\ac8zt2\wnslvxtf.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

Thanks again
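To see what a Malwarebytes report like the two above actually removed versus what it only scheduled, as an added example that is not part of the original post or of Malwarebytes' own tooling: the parser below reads the per-section detection lines, groups them by detection family, separates the "Delete on reboot" items (still present until the next restart) from those already quarantined, and lists the CurrentVersion\Run values that were removed. The sample report is a constructed excerpt of lines copied from the reports in this thread; the section names are the English equivalents of the report headers.

```python
import re
from collections import Counter

# Constructed excerpt: detection lines copied from the Malwarebytes reports in
# this thread, trimmed to a few entries per section.
SAMPLE_REPORT = r"""
Memory Processes Infected:
C:\Program Files\rhcvobj0epew\rhcvobj0epew.exe (Rogue.Multiple) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\rhcvobj0epew\MFC71.dll (Rogue.Multiple) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrobj0epew (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Delete on reboot.
C:\Windows\System32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <outcome>". The outcome may itself
# contain "->" (the Bad/Good form for registry data), so only its last part counts.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<outcome>.+)$")
PENDING = "Delete on reboot"


def parse_report(text):
    """Return one dict per detection: section, item, family and final outcome."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if line.endswith("Infected:"):   # section header (summary lines end in a count instead)
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m is None or section is None:
            continue
        outcome = m["outcome"].rsplit(" -> ", 1)[-1].rstrip(".")
        entries.append({"section": section, "item": m["item"],
                        "family": m["family"], "outcome": outcome})
    return entries


def summarize(entries):
    """Counts per family, plus the two lists a responder acts on."""
    return {
        "by_family": Counter(e["family"] for e in entries),
        # still on disk or in memory until the next restart: a rescan before
        # rebooting, or with the rogue still running, will report them again
        "pending_reboot": [e["item"] for e in entries if e["outcome"].startswith(PENDING)],
        # autostart values that relaunched the rogue on every boot
        "run_keys": [e["item"] for e in entries if "\\CurrentVersion\\Run\\" in e["item"]],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for family, n in sorted(summary["by_family"].items()):
        print(f"{n:3d}  {family}")
    print("pending reboot:", *summary["pending_reboot"], sep="\n  ")
    print("autostart values removed:", *summary["run_keys"], sep="\n  ")
```

The "Delete on reboot" list is the part to act on: those files were in use when the scan ran, so until the machine restarts they are still there and will be reported again, which is why a follow-up scan is only meaningful after a reboot. The Run-key list shows the persistence that was relaunching the rogue at each boot.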
benurrr  Posts: 9766  Status: Security contributor  107
 
ok
guillaume___
 
here is the report, done in safe mode:

Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 6.0.6001 Service Pack 1

14:31:07 2008-08-02
mbam-log-8-2-2008 (14-31-07).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|)
Objects scanned: 152722
Time elapsed: 31 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
benurrr  Posts: 9766  Status: Security contributor  107
 
now try ComboFix from this link and in this way

Download ComboFix (by sUBs) to the Desktop

Disable User Account Control (re-enable it at the end of the disinfection)

Go to Start, then Control Panel. Double-click the User Accounts icon, then click Disable and confirm.

Start in safe mode. Right-click on ComboFix on the desktop and choose Run as administrator. Double-click combofix.exe. Press the Y key (Yes) to start the scan
The report will be created in: C:\Combofix.txt
And post the report

Hello to the whole community. For lack of curiosity, one risks dying ignorant.
I have some knowledge, but I consider myself a beginner
benurrr  Posts: 9766  Status: Security contributor  107 > benurrr
 
oops, the ComboFix link

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
guillaume___
 
Thanks for your reply!!

however I still have the same problem: User Account Control is disabled, I'm in safe mode, I ran ComboFix as administrator, but as soon as the scan starts a window opens with an error message, and when I click, it closes the windows...

http://www.boostupload.com/img.php?i=image_979_Sanstitre.jpg

could there be a compatibility problem with Vista or something else?

guillaume___
 
I tried renaming the program when downloading it, as indicated here:
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/virus-winnt-bagle-sujet_199164_1.htm

but still the same problem: the program launches, creates a restore point, and as soon as it starts searching for infected files it crashes.

infuriating!
guillaume___
 
I should add, even though I don't know whether it matters, that the icon on my desktop is a kind of white lion's head on a red background, whereas most of the icons I see online are a white cross on a red background.