Qui a déjà utilisé malwarebytes ???????
Résolu/Fermé
cool83
-
7 août 2008 à 12:39
totobetourne Messages postés 5592 Date d'inscription dimanche 23 mars 2008 Statut Membre Dernière intervention 6 juin 2012 - 14 août 2008 à 15:09
totobetourne Messages postés 5592 Date d'inscription dimanche 23 mars 2008 Statut Membre Dernière intervention 6 juin 2012 - 14 août 2008 à 15:09
A voir également:
- Qui a déjà utilisé malwarebytes ???????
- Télécharger malwarebytes - Télécharger - Antivirus & Antimalwares
- Qui utilise mon wifi - Guide
- Adwcleaner malwarebytes - Télécharger - Antivirus & Antimalwares
- Coupon pcs déjà utilisé - Forum Consommation & Internet
- Ma carte graphique n'utilise pas toute sa puissance - Forum Processeur
20 réponses
bonjour94
Messages postés
10
Date d'inscription
jeudi 24 juillet 2008
Statut
Membre
Dernière intervention
7 août 2008
13
7 août 2008 à 12:40
7 août 2008 à 12:40
supprime les tete d'oeuf
zorinho
Messages postés
821
Date d'inscription
mercredi 28 novembre 2007
Statut
Membre
Dernière intervention
29 novembre 2020
51
7 août 2008 à 12:45
7 août 2008 à 12:45
Salut, tu vas dans le menu "quarantaine" et tu les supprimes.
L'idéal est de faire le scan en mode sans échec, "examen complet" et, à la fin du scan cocher la fonction "supprimer la sélection"
Copie un nouveau rapport du scan ici (vas dans l'onglet Log/rapport, fais édition sélectionner tout, copier et colle le rapport ici)
Vu le nombre d'infections, il serait souhaitable que tu fasses un rapport Hijackthis
https://www.malekal.com/tutoriel-hijackthis/
A bientôt
Zor
L'idéal est de faire le scan en mode sans échec, "examen complet" et, à la fin du scan cocher la fonction "supprimer la sélection"
Copie un nouveau rapport du scan ici (vas dans l'onglet Log/rapport, fais édition sélectionner tout, copier et colle le rapport ici)
Vu le nombre d'infections, il serait souhaitable que tu fasses un rapport Hijackthis
https://www.malekal.com/tutoriel-hijackthis/
A bientôt
Zor
ça y est, la saléction a été supprimée. mais là j'ai un message de malwarebytes qui me dit qu'il lui est impossible de supprimer certains éléments. il me dit de redémarrer l'ordi afin que le processus se termine. est-ce que je dois le faire??? est-ce que je vais perdre des dossiers ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
7 août 2008 à 14:54
7 août 2008 à 14:54
bonjour
cela ressemble a du trojan vundo
poste le rapport ensuite pour que l'on puisse verifier
cela ressemble a du trojan vundo
poste le rapport ensuite pour que l'on puisse verifier
merci de me répondre voilà le rapport
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1030
Windows 5.1.2600 Service Pack 2
14:46:06 07/08/2008
mbam-log-8-7-2008 (14-46-06).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 205560
Temps écoulé: 1 hour(s), 10 minute(s), 5 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 60
Processus mémoire infecté(s):
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnoPGWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\woikklqe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ysmwlapg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRHabA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mcdwzj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eiswqbqy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e54688b-a91b-48a2-a7ee-3ae8b90cd669} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e54688b-a91b-48a2-a7ee-3ae8b90cd669} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8751e4c3-270b-4172-9624-651e044f3689} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8751e4c3-270b-4172-9624-651e044f3689} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxrhaba (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{20380abb-8d1e-4bd2-926e-a0cd8180fcd4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20380abb-8d1e-4bd2-926e-a0cd8180fcd4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{88a6bf68-b9b6-429b-a8b0-3cc5c6db948c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8adabfcc-2174-46c8-8dc8-161780adeac5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fcaeb7d-f8ae-4a67-ae6c-57ee1416bb6d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d58660f7-617d-4f87-83c8-d1906529cdad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\04df2f09 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm07ec1c95 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3fcaeb7d-f8ae-4a67-ae6c-57ee1416bb6d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnopgwm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnopgwm -> Delete on reboot.
Dossier(s) infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\mcdwzj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnoPGWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mWGPonmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mWGPonmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woikklqe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eqlkkiow.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ysmwlapg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRHabA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eiswqbqy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temp\smchk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temporary Internet Files\Content.IE5\0FDA380M\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temporary Internet Files\Content.IE5\ARIY3MSL\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP154\A0017346.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP157\A0018530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP157\A0018597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\erms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhkbpr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRLEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eutfjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ickirmhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwuajncy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwkyhthh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvyicmvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttpcoohm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yythaein.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\midsjsfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqasfqcv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfvkprvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723005009859.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723085304171.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723090431390.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723091225515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723161535312.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724171717640.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080804164644421.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806112029015.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806141125500.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806203329328.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806214423734.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807064306906.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807101632250.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807132257234.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07ec1c95.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07ec1c95.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\qndsfmao.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1030
Windows 5.1.2600 Service Pack 2
14:46:06 07/08/2008
mbam-log-8-7-2008 (14-46-06).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 205560
Temps écoulé: 1 hour(s), 10 minute(s), 5 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 60
Processus mémoire infecté(s):
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnoPGWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\woikklqe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ysmwlapg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRHabA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mcdwzj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eiswqbqy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e54688b-a91b-48a2-a7ee-3ae8b90cd669} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e54688b-a91b-48a2-a7ee-3ae8b90cd669} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8751e4c3-270b-4172-9624-651e044f3689} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8751e4c3-270b-4172-9624-651e044f3689} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxrhaba (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{20380abb-8d1e-4bd2-926e-a0cd8180fcd4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20380abb-8d1e-4bd2-926e-a0cd8180fcd4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{88a6bf68-b9b6-429b-a8b0-3cc5c6db948c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8adabfcc-2174-46c8-8dc8-161780adeac5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fcaeb7d-f8ae-4a67-ae6c-57ee1416bb6d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d58660f7-617d-4f87-83c8-d1906529cdad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\04df2f09 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm07ec1c95 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3fcaeb7d-f8ae-4a67-ae6c-57ee1416bb6d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnopgwm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnopgwm -> Delete on reboot.
Dossier(s) infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\mcdwzj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnoPGWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mWGPonmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mWGPonmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woikklqe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eqlkkiow.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ysmwlapg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRHabA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eiswqbqy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temp\smchk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temporary Internet Files\Content.IE5\0FDA380M\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temporary Internet Files\Content.IE5\ARIY3MSL\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP154\A0017346.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP157\A0018530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP157\A0018597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\erms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhkbpr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRLEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eutfjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ickirmhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwuajncy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwkyhthh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvyicmvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttpcoohm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yythaein.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\midsjsfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqasfqcv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfvkprvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723005009859.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723085304171.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723090431390.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723091225515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723161535312.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724171717640.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080804164644421.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806112029015.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806141125500.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806203329328.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806214423734.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807064306906.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807101632250.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807132257234.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07ec1c95.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07ec1c95.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\qndsfmao.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
7 août 2008 à 15:44
7 août 2008 à 15:44
sache que malwarebyte reconnait tres bien et meme mieux en mode sans echec, c est ce mode qu il faut pour analyser ou verifier.
Utilisateur anonyme
7 août 2008 à 15:11
7 août 2008 à 15:11
et bien pas mal
à lire jusqu'en bas
Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier
et choisis "renommer" : tapes eden et valide .
Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
à lire jusqu'en bas
Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier
et choisis "renommer" : tapes eden et valide .
Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:59, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Scan saved at 15:15:59, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
zorinho
Messages postés
821
Date d'inscription
mercredi 28 novembre 2007
Statut
Membre
Dernière intervention
29 novembre 2020
51
7 août 2008 à 19:08
7 août 2008 à 19:08
Salut,
lance hijackthis, scan only, coche les lignes suivantes:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
Fais fix checked
A plus
Zor
PS: relance hijackthis pour voir s'il reste une ligne infectieuse
lance hijackthis, scan only, coche les lignes suivantes:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
Fais fix checked
A plus
Zor
PS: relance hijackthis pour voir s'il reste une ligne infectieuse
BoTkilla
Messages postés
4612
Date d'inscription
jeudi 5 juillet 2007
Statut
Contributeur
Dernière intervention
1 juillet 2011
264
7 août 2008 à 15:28
7 août 2008 à 15:28
redémarre quand malwarebytes te le dit et tout sera beaucoup plus clean
c'est donc terminé???
qu'est ce que je fais avec ce qui est en quarantaine dans malwarebytes? il y a 108 éléments
qu'est ce que je fais avec ce qui est en quarantaine dans malwarebytes? il y a 108 éléments
ok c'est fait pour la quarantaine. est-ce que je dois faire d'autres manip? est-ce que je dois garder malwarebytes et hijackthis sur le pc??
Utilisateur anonyme
7 août 2008 à 16:23
7 août 2008 à 16:23
garde MBAM il très bon comme anti-malware hijackthis tu peux le désinstallé
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
14 août 2008 à 15:09
14 août 2008 à 15:09
ce qui serait encore mieux seait de mieux proteger ton pc .il y a tellement de choses que l on doit pouvoir ameliorer.