Windowos security alerte

relax2000 Messages postés 273 Statut Membre -  
 relax2000 -
Bonjour,
En bas de la barre de tache est rouge et ce message s'affiche

windowos security alert
trojan-clicker
enable protection est en brillance
dois je cliquer dessus
merci
Configuration: Windows XP
Firefox 3.0.1

11 réponses

  1. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Ne clique surtout pas dessus.
    Sinon, l'infection va se développer.

    Télécharge et installe HijackThis .
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    Choisir « Download Hijackthis Installer »
    Après l'installation, un raccourci sera crée sur le bureau. Double-clique dessus pour le lancer.

    Choisir l'option Do a system scan and save a logfile.
    Le rapport va s'ouvrir. Tu copies/colles le contenu de ce rapport dans ton prochain message

    A+
    -1
    1. relax2000 Messages postés 273 Statut Membre
       
      Bonjour verni 29

      voilà voilà

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:51:32, on 18/09/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\Explorer.EXE
      C:\Documents and Settings\All Users\Application Data\jupapmbm\lefgraji.exe
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\video1152.cfg.exe
      C:\WINDOWS\system32\vgbybmpu.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\ScanWizard 5\ScannerFinder.exe
      C:\OLIFAXVX\TOOLBAR.EXE
      C:\WINDOWS\system32\ntvdm.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\c.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection

      Server\WinNT\spnsrvnt.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\UPHClean\uphclean.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

      http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

      https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

      https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

      https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

      http://www.crawler.com/search/ie.aspx?tb_id=60327
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =

      http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

      https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

      https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

      http://www.crawler.com/search/ie.aspx?tb_id=60327
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

      http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader -

      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

      communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

      {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

      Files\AVG\AVG8\avgssie.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

      C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} -

      C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
      O2 - BHO: Google Toolbar Notifier BHO -

      {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

      Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} -

      C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

      C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware

      Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition

      Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKCU\..\Run: [swg] C:\Program

      Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Somefox]

      C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\video1152.cfg.exe
      O4 - HKCU\..\Run: [msgcmdsrv] C:\WINDOWS\system32\vgbybmpu.exe
      O4 - HKLM\..\Policies\Explorer\Run: [2xQicTF8hg] C:\Documents and

      Settings\All Users\Application Data\jupapmbm\lefgraji.exe
      O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
      O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

      Office\Office\OSA9.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program

      Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard

      5\ScannerFinder.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

      C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) -

      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

      Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

      {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

      C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

      {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

      Diagnostic\xpnetdiag.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

      http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb

      _site.cab?1220115068484
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

      C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler

      (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir

      PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService)

      - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition

      Classic\avguard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

      Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -

      C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

      C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Sentinel Protection Server (SentinelProtectionServer) -

      SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel

      Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) -

      Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      -1
  2. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Télécharge LopS&D.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Installe le logiciel.
    Une icône va apparaitre sur le bureau. Double clique dessus pour lancer le logiciel
    Tu choisis la langue et l'option 1 pour effectuer la recherche.
    A la fin de la recherche, un rapport LopR.txt apparait. Il se trouve en C:\LopR.txt.
    Tu posteras ce rapport dans le prochain message.

    A+
    -1
  3. relax2000 Messages postés 273 Statut Membre
     
    c'est fait

    --------------------\\ Lop S&D 4.2.4-3 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2800+ )
    BIOS : Default System BIOS
    USER : proprietaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 115 Go Free : 78 Go
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 14-09-2008|22:40 )
    Option : [1] ( 18/09/2008|15:42 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [04/03/2008|00:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Grisoft
    [08/06/2008|15:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03/03/2008|23:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [03/03/2008|23:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

    [04/02/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [16/01/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [19/08/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [13/01/2008|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [19/01/2007|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [18/09/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    [26/02/2008|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [18/09/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\jupapmbm
    [16/01/2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Anti-Virus Personal
    [24/02/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
    [09/06/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [15/01/2007|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [03/11/2007|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
    [16/01/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    [01/09/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    [16/01/2007|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
    [14/06/2007|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [08/06/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [18/09/2008|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
    [14/06/2007|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [15/01/2007|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [18/02/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

    [01/08/2008|14:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [15/01/2007|17:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [08/06/2008|15:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [08/06/2008|15:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [29/03/2007|17:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\ABBYY
    [25/01/2007|14:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\ACD Systems
    [25/01/2007|14:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\ACDInTouch
    [25/02/2008|14:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
    [08/06/2008|15:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVGTOOLBAR
    [16/07/2008|21:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
    [26/05/2008|17:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\ESTsoft
    [24/01/2007|12:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
    [06/04/2007|08:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
    [16/01/2007|15:49] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
    [15/07/2008|17:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
    [01/05/2008|15:02] C:\DOCUME~1\PROPRI~1\APPLIC~1\ma-config.com
    [25/01/2007|16:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
    [09/06/2008|21:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
    [18/09/2008|12:26] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
    [16/01/2007|22:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft Web Folders
    [27/08/2008|21:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
    [27/07/2008|08:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\Notepad++
    [01/02/2008|16:24] C:\DOCUME~1\PROPRI~1\APPLIC~1\Nvu
    [26/01/2007|14:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
    [03/02/2007|14:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Simple Star
    [24/10/2007|11:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\SPAMfighter
    [18/09/2008|13:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\Spyware Terminator
    [28/05/2007|15:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
    [25/02/2008|09:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\Talkback
    [14/06/2007|22:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Teleca
    [16/06/2007|09:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\XnView

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [18/09/2008 13:08][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [25/01/2007|14:19] C:\Program Files\ACD Systems
    [06/07/2008|13:05] C:\Program Files\Adobe
    [16/01/2007|17:01] C:\Program Files\Ahead
    [18/09/2008|10:20] C:\Program Files\akl
    [30/10/2007|12:38] C:\Program Files\Alwil Software
    [22/02/2008|23:50] C:\Program Files\AVAST
    [19/08/2008|21:55] C:\Program Files\Avira
    [03/03/2008|20:32] C:\Program Files\CCleaner
    [15/01/2007|17:23] C:\Program Files\ComPlus Applications
    [02/03/2007|02:08] C:\Program Files\DIFX
    [14/06/2007|22:32] C:\Program Files\Disc2Phone
    [07/09/2008|15:58] C:\Program Files\eMule
    [16/07/2008|21:40] C:\Program Files\EoRezo
    [26/05/2008|17:40] C:\Program Files\ESTsoft
    [25/03/2008|08:41] C:\Program Files\Fichiers communs
    [01/08/2008|14:46] C:\Program Files\Google
    [26/02/2008|23:42] C:\Program Files\Grisoft
    [16/01/2007|22:27] C:\Program Files\Hewlett-Packard
    [15/01/2007|18:52] C:\Program Files\HighMAT CD Writing Wizard
    [01/05/2008|16:00] C:\Program Files\Hp
    [01/05/2008|16:11] C:\Program Files\hp deskjet 970c series
    [21/03/2008|16:09] C:\Program Files\IKEA HomePlanner
    [18/09/2008|10:20] C:\Program Files\Inet Delivery
    [16/07/2008|20:33] C:\Program Files\INFORAD
    [16/07/2008|20:33] C:\Program Files\INFORAD_DRIVERS
    [07/09/2008|14:17] C:\Program Files\InstallShield Installation Information
    [13/08/2008|03:01] C:\Program Files\Internet Explorer
    [16/01/2007|16:52] C:\Program Files\Inventel
    [13/08/2008|03:10] C:\Program Files\ItsLabel
    [28/02/2007|14:28] C:\Program Files\IZArc
    [15/07/2008|07:21] C:\Program Files\Java
    [16/01/2007|22:24] C:\Program Files\Kaspersky Lab
    [16/01/2007|10:15] C:\Program Files\K-Lite Codec Pack
    [01/05/2008|15:01] C:\Program Files\ma-config.com
    [19/08/2008|21:06] C:\Program Files\Malwarebytes' Anti-Malware
    [11/09/2008|21:41] C:\Program Files\Messenger
    [15/01/2007|18:52] C:\Program Files\Microsoft Baseline Security Analyzer 2
    [15/01/2007|18:52] C:\Program Files\Microsoft BootVis
    [15/01/2007|18:52] C:\Program Files\Microsoft Calculatrice Plus
    [16/01/2007|22:22] C:\Program Files\microsoft frontpage
    [03/11/2007|18:41] C:\Program Files\Microsoft Office
    [18/09/2008|12:25] C:\Program Files\Microsoft Visual Studio
    [23/12/2007|12:34] C:\Program Files\MioTransfer
    [11/09/2008|21:40] C:\Program Files\Movie Maker
    [18/09/2008|13:15] C:\Program Files\Mozilla Firefox
    [03/11/2007|18:41] C:\Program Files\MSECache
    [15/01/2007|17:21] C:\Program Files\MSN
    [15/01/2007|17:22] C:\Program Files\MSN Gaming Zone
    [15/01/2007|18:57] C:\Program Files\MSXML 4.0
    [16/08/2007|03:06] C:\Program Files\MSXML 6.0
    [11/09/2008|21:38] C:\Program Files\NetMeeting
    [27/07/2008|08:43] C:\Program Files\Notepad++
    [15/01/2007|18:46] C:\Program Files\NVIDIA Corporation
    [16/06/2007|09:08] C:\Program Files\Nvu
    [15/01/2007|17:23] C:\Program Files\Online Services
    [10/04/2008|20:35] C:\Program Files\OpenOffice.org 2.0
    [12/09/2008|06:57] C:\Program Files\Outlook Express
    [25/01/2007|14:14] C:\Program Files\PENTAX
    [16/06/2007|10:17] C:\Program Files\PhotoFiltre
    [12/01/2008|21:17] C:\Program Files\PowerPoint Viewer
    [15/01/2007|18:56] C:\Program Files\Pro Imaging Powertoys
    [16/01/2007|10:16] C:\Program Files\QuickTime Alternative
    [13/03/2007|22:31] C:\Program Files\Real
    [09/09/2008|14:59] C:\Program Files\Real Alternative
    [02/03/2007|02:05] C:\Program Files\Realtek
    [16/08/2007|13:45] C:\Program Files\SafeNet Sentinel
    [17/09/2008|11:54] C:\Program Files\ScanWizard 5
    [15/01/2007|17:26] C:\Program Files\Services en ligne
    [01/09/2007|19:02] C:\Program Files\Siber Systems
    [03/02/2007|13:59] C:\Program Files\Simple Star
    [16/01/2007|22:23] C:\Program Files\Snapshot Viewer
    [14/06/2007|22:26] C:\Program Files\Sony Ericsson
    [08/06/2008|17:17] C:\Program Files\Spybot - Search & Destroy
    [18/09/2008|13:15] C:\Program Files\Spyware Terminator
    [16/01/2007|10:26] C:\Program Files\SuperCopier2
    [18/09/2008|13:51] C:\Program Files\Trend Micro
    [15/01/2007|17:54] C:\Program Files\Uninstall Information
    [15/01/2007|18:56] C:\Program Files\UPHClean
    [11/09/2008|21:51] C:\Program Files\WinClamAVShield
    [15/01/2007|18:52] C:\Program Files\Windows Journal Viewer
    [16/01/2007|10:12] C:\Program Files\Windows Media Connect 2
    [11/09/2008|21:38] C:\Program Files\Windows Media Player
    [11/09/2008|21:38] C:\Program Files\Windows NT
    [15/01/2007|17:26] C:\Program Files\WindowsUpdate
    [18/02/2008|08:25] C:\Program Files\WinZip
    [15/01/2007|17:28] C:\Program Files\xerox
    [16/06/2007|09:56] C:\Program Files\XnView

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [04/02/2008|11:41] C:\Program Files\Fichiers communs\Adobe
    [16/01/2007|17:01] C:\Program Files\Fichiers communs\Ahead
    [16/01/2007|22:13] C:\Program Files\Fichiers communs\Designer
    [16/01/2007|16:58] C:\Program Files\Fichiers communs\InstallShield
    [25/03/2008|08:41] C:\Program Files\Fichiers communs\Java
    [18/09/2008|12:25] C:\Program Files\Fichiers communs\Microsoft Shared
    [15/01/2007|17:25] C:\Program Files\Fichiers communs\MSSoap
    [15/01/2007|18:56] C:\Program Files\Fichiers communs\Nikon
    [15/01/2007|18:46] C:\Program Files\Fichiers communs\NVIDIA Shared
    [15/01/2007|18:03] C:\Program Files\Fichiers communs\ODBC
    [16/08/2007|13:45] C:\Program Files\Fichiers communs\SafeNet Sentinel
    [15/01/2007|17:25] C:\Program Files\Fichiers communs\Services
    [15/01/2007|18:03] C:\Program Files\Fichiers communs\SpeechEngines
    [12/09/2008|06:57] C:\Program Files\Fichiers communs\System
    [14/06/2007|22:27] C:\Program Files\Fichiers communs\Teleca Shared
    [21/03/2008|16:09] C:\Program Files\Fichiers communs\Wise Installation Wizard

    --------------------\\ Process

    ( 42 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-18 15:43:56
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:43][D:0]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
    [F:8][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
    [F:43][D:4]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 18/09/2008|15:45 - Option : [1]

    --------------------\\ Fin du rapport a 15:45:42

    @+
    -1
  4. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    1) Désinstalle le programme EoRezo : panneau de configuration --> Ajout/Supp de programmes.

    2)
    Pour cette manipulation, je te conseille de noter ou d'imprimer ce texte car la désinfection va se faire en mode sans échec et tu n'auras pas accès à Internet pour visualiser les consignes.
    Autre astuce : Copie/colle le texte dans un fichier .txt que tu enregistres sur ton bureau. Tu le retrouveras alors sur ton bureau et en mode sans échec.

    Tu télécharges MalwareBytes.
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l'installes. Choisis les options par défaut.
    A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’exécuter .
    Ne choisis que la mise à jour. Le logiciel sera lancé en mode sans échec.

    Tu relances l'ordinateur en mode sans échec ( tapote la touche F8 après redémarrage ).
    Tu choisis ton compte utilisateur.

    Pour lancer MalwareBytes, double-clique sur le raccourci du bureau.

    Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
    Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
    Clique sur lancer l’examen.

    A la fin de la recherche, Comme il est demandé, clique sur afficher les résultats de la recherche.
    Choisis alors Supprimer la selection pour nettoyer les infections.
    Tu postes le rapport dans ton prochain message.

    Si tu ne le retrouves pas, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs. Il y est.
    Clique dessus et choisir ouvrir.

    A+
    -1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. relax2000 Messages postés 273 Statut Membre
     
    pas de eorezo dans mes programmes
    -1
  7. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Le dossier est présent dans C:\Program Files\
    On le supprimera plus tard.

    Passe MalwareBytes.

    Le scan dure environ 50 mn.

    A+
    -1
    1. relax2000 Messages postés 273 Statut Membre
       
      ok j'ai tout fait mais j'ai zappé le rapprt je ne trouvais plus le raccourci j'en ai donc refait un sans passer en sans
      echec

      il y a plein de trjan en quarantaine ,faut-il les supprimé
      comme j'ai spywaer terminator il y a aussi web security guard qui veut s'installer aparement ça fait partie de la même maison je l'installe ou je laisse?
      pour eoreso j'attends de tes nouvelles

      en tous cas pour l'instant je ne peux que te remercier çà và mieux
      a+



      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1169
      Windows 5.1.2600 Service Pack 3

      18/09/2008 20:51:36
      mbam-log-2008-09-18 (20-51-36).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 139469
      Temps écoulé: 1 hour(s), 2 minute(s), 0 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      -1
  8. relax2000 Messages postés 273 Statut Membre
     
    ok je vais faire le scann je vais aussi m'asbsenter a+ ou à demain matin
    -1
  9. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    relax2000,

    Si tu as passé deux fois malwarebytes, il doit y avoir une trace d'un premier passage de l'outil.
    Ouvre malwarebytes --> Onglet rapport/Logs
    regarde si tu as deux rapports. Ils se nomment nbam-log-xx-xx-xxxx.txt.
    J'aimerais bien savoir ce que malwarebytes a supprimé.

    Poste moi aussi un rapport Hijackthis.

    A+
    -1
  10. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Pour les trojans en quarantaine, oui supprime les tous.

    Ouvre malwareBytes --> onglet quarantaine --> Tout supprimer.

    A+
    -1
  11. relax2000 Messages postés 273 Statut Membre
     
    Bonjour verni29
    je te poste ce que j'ai trouvé

    en fouillant un peu j'ai réussi à trouver les fichiers. Il me semblait les avoirs effacé

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1071
    Windows 5.1.2600 Service Pack 2

    21:35:04 19/08/2008
    mbam-log-08-19-2008 (21-35-04).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 121120
    Temps écoulé: 26 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000012.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0000248.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP55\A0008544.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP55\A0008545.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\12F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\16E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\171.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\222.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\63.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1071
    Windows 5.1.2600 Service Pack 2

    10:24:57 07/09/2008
    mbam-log-09-07-2008 (10-24-57).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 123326
    Temps écoulé: 40 minute(s), 9 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1168
    Windows 5.1.2600 Service Pack 3

    18/09/2008 19:38:33
    mbam-log-2008-09-18 (19-38-33).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 139497
    Temps écoulé: 23 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 18
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 54

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msgcmdsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\2xqictf8hg (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\vgbybmpu.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\jupapmbm\lefgraji.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\c.exe (Rogue.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\video1152.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\video1152.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1169
    Windows 5.1.2600 Service Pack 3

    18/09/2008 20:51:36
    mbam-log-2008-09-18 (20-51-36).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 139469
    Temps écoulé: 1 hour(s), 2 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Malwarebytes' Anti-Malware 1.15
    Version de la base de données: 843

    05:14:50 10/06/2008
    mbam-log-6-10-2008 (05-14-49).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 117100
    Temps écoulé: 32 minute(s), 57 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 16

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\xxyayxyw.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyayxyw (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SMSERIALWORKERSTARTXXX (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\xxyayxyw.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000008.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000059.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0000310.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0001124.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP3\A0001164.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3C9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\87.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcthnj0er27.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\sysobjwertb.dll (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\wmstrbum.exe (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\tromomwin32.exe (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cracrwinz.exe (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

    Malwarebytes' Anti-Malware 1.15
    Version de la base de données: 843

    05:14:50 10/06/2008
    mbam-log-6-10-2008 (05-14-49).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 117100
    Temps écoulé: 32 minute(s), 57 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 16

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\xxyayxyw.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyayxyw (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SMSERIALWORKERSTARTXXX (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\xxyayxyw.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000008.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000059.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0000310.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0001124.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP3\A0001164.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3C9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\87.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcthnj0er27.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\sysobjwertb.dll (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\wmstrbum.exe (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\tromomwin32.exe (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cracrwinz.exe (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\proprietaire\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    bon ben bon courrage
    a+
    -1
  12. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Merci relax2000
    Tu m'as posté tous les rapports mais j'ai trouvé celui que tu as passé hier soir avant le deuxième passage :

    Poste moi un rapport Hijackthis.
    -1
    1. relax2000
       
      Bonjour Verni29

      Il faudra que tu patientes un peu je suis en déplacement
      tu auras le rapport lundi
      Bon WE
      0