Windows security alert

Closed
relax2000 Posts 265 Registration date Monday 7 January 2008 Status Member Last activity 6 November 2016 - 18 Sept. 2008 at 12:33
 relax2000 - 19 Sept. 2008 at 17:11
Hello,
The bottom of the taskbar is red and this message is displayed:

Windows security alert
trojan-clicker
"enable protection" is highlighted
Should I click on it?
Thanks

11 replies

verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
18 Sept. 2008 at 12:35
Whatever you do, do not click on it.
Otherwise the infection will spread.

Download and install HijackThis.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choose "Download Hijackthis Installer".
After installation, a shortcut will be created on the desktop. Double-click it to launch the program.

Choose the option Do a system scan and save a logfile.
The report will open. Copy and paste the contents of this report into your next message.

See you
-1
relax2000 Posts 265 Registration date Monday 7 January 2008 Status Member Last activity 6 November 2016
18 Sept. 2008 at 13:55
Hello verni29

Here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:32, on 18/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\jupapmbm\lefgraji.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\video1152.cfg.exe
C:\WINDOWS\system32\vgbybmpu.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\OLIFAXVX\TOOLBAR.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\c.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\video1152.cfg.exe
O4 - HKCU\..\Run: [msgcmdsrv] C:\WINDOWS\system32\vgbybmpu.exe
O4 - HKLM\..\Policies\Explorer\Run: [2xQicTF8hg] C:\Documents and Settings\All Users\Application Data\jupapmbm\lefgraji.exe
O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220115068484
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
-1
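
An added example, not part of the original thread: a triage pass over the O4 (autostart) entries of the HijackThis log posted above, with the wrapped lines re-joined. The heuristics and the tiny `SYSTEM32_BASELINE` set are assumptions chosen for illustration; the three values it flags are the same Run values that the Malwarebytes log later in this thread reports as removed.

```python
import ntpath
import re

# O4 lines copied from the HijackThis log above, wrapped lines re-joined.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\video1152.cfg.exe
O4 - HKCU\..\Run: [msgcmdsrv] C:\WINDOWS\system32\vgbybmpu.exe
O4 - HKLM\..\Policies\Explorer\Run: [2xQicTF8hg] C:\Documents and Settings\All Users\Application Data\jupapmbm\lefgraji.exe
O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
"""

# Assumption: a tiny stand-in baseline. In practice, compare against the
# file list of a clean install of the same Windows version.
SYSTEM32_BASELINE = {"ctfmon.exe", "rundll32.exe"}

REG_RUN = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
STARTUP = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
IMAGE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|scr))(?=[\s,"]|$)', re.I)


def parse_o4(log_text):
    """Return one dict per O4 line: registry/startup location, name, image path."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RUN.match(line) or STARTUP.match(line)
        if not m:
            continue
        img = IMAGE.match(m["cmd"])
        entries.append({
            "location": m["loc"],
            "name": m["name"],
            # First executable on the command line; for RUNDLL32 entries a
            # fuller tool would also inspect the DLL argument.
            "image": img["path"] if img else m["cmd"],
        })
    return entries


def triage(entry):
    """Return the list of reasons an autostart entry deserves a closer look."""
    image = entry["image"]
    folder = ntpath.dirname(image).lower()
    fname = ntpath.basename(image).lower()
    reasons = []
    if re.search(r"\\(temp|tmp)(\\|$)", folder):
        reasons.append("runs from a temp directory")
    if re.search(r"\.[a-z0-9]{2,4}\.(exe|scr|com|bat)$", fname):
        reasons.append("double extension")
    if r"policies\explorer\run" in entry["location"].lower():
        reasons.append("autorun via Policies Explorer Run key")
    if re.search(r"\\(application data|applic~1|appdata)(\\|$)", folder):
        reasons.append("executable under Application Data")
    if folder.endswith(r"\system32") and fname not in SYSTEM32_BASELINE:
        reasons.append("unbaselined binary in system32")
    return reasons


def suspicious_autoruns(log_text):
    """Return (value name, reasons) for every O4 entry with at least one hit."""
    hits = []
    for entry in parse_o4(log_text):
        reasons = triage(entry)
        if reasons:
            hits.append((entry["name"], reasons))
    return hits


if __name__ == "__main__":
    for name, reasons in suspicious_autoruns(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```
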
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
18 Sept. 2008 at 14:08
Download LopS&D.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Install the software.
An icon will appear on the desktop. Double-click it to launch the software.
Choose the language, then option 1 to run the search.
At the end of the search, a report named LopR.txt appears. It is located at C:\LopR.txt.
Post this report in your next message.

See you
-1
relax2000 Posts 265 Registration date Monday 7 January 2008 Status Member Last activity 6 November 2016
18 Sept. 2008 at 15:47
Done


--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2800+ )
BIOS : Default System BIOS
USER : proprietaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 115 Go Free : 78 Go
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )
Option : [1] ( 18/09/2008|15:42 )

--------------------\\ Listing des dossiers dans APPLIC~1

[04/03/2008|00:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Grisoft
[08/06/2008|15:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[03/03/2008|23:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[03/03/2008|23:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

[04/02/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/01/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/08/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[13/01/2008|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[19/01/2007|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/09/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[26/02/2008|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[18/09/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\jupapmbm
[16/01/2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Anti-Virus Personal
[24/02/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[09/06/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/01/2007|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/11/2007|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[16/01/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[01/09/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
[16/01/2007|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[14/06/2007|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[08/06/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[18/09/2008|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[14/06/2007|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[15/01/2007|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/02/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[01/08/2008|14:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[15/01/2007|17:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[08/06/2008|15:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[08/06/2008|15:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[29/03/2007|17:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\ABBYY
[25/01/2007|14:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\ACD Systems
[25/01/2007|14:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\ACDInTouch
[25/02/2008|14:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[08/06/2008|15:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVGTOOLBAR
[16/07/2008|21:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
[26/05/2008|17:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\ESTsoft
[24/01/2007|12:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[06/04/2007|08:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[16/01/2007|15:49] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[15/07/2008|17:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
[01/05/2008|15:02] C:\DOCUME~1\PROPRI~1\APPLIC~1\ma-config.com
[25/01/2007|16:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[09/06/2008|21:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[18/09/2008|12:26] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[16/01/2007|22:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft Web Folders
[27/08/2008|21:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[27/07/2008|08:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\Notepad++
[01/02/2008|16:24] C:\DOCUME~1\PROPRI~1\APPLIC~1\Nvu
[26/01/2007|14:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[03/02/2007|14:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Simple Star
[24/10/2007|11:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\SPAMfighter
[18/09/2008|13:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\Spyware Terminator
[28/05/2007|15:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[25/02/2008|09:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\Talkback
[14/06/2007|22:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Teleca
[16/06/2007|09:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\XnView

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[18/09/2008 13:08][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[25/01/2007|14:19] C:\Program Files\ACD Systems
[06/07/2008|13:05] C:\Program Files\Adobe
[16/01/2007|17:01] C:\Program Files\Ahead
[18/09/2008|10:20] C:\Program Files\akl
[30/10/2007|12:38] C:\Program Files\Alwil Software
[22/02/2008|23:50] C:\Program Files\AVAST
[19/08/2008|21:55] C:\Program Files\Avira
[03/03/2008|20:32] C:\Program Files\CCleaner
[15/01/2007|17:23] C:\Program Files\ComPlus Applications
[02/03/2007|02:08] C:\Program Files\DIFX
[14/06/2007|22:32] C:\Program Files\Disc2Phone
[07/09/2008|15:58] C:\Program Files\eMule
[16/07/2008|21:40] C:\Program Files\EoRezo
[26/05/2008|17:40] C:\Program Files\ESTsoft
[25/03/2008|08:41] C:\Program Files\Fichiers communs
[01/08/2008|14:46] C:\Program Files\Google
[26/02/2008|23:42] C:\Program Files\Grisoft
[16/01/2007|22:27] C:\Program Files\Hewlett-Packard
[15/01/2007|18:52] C:\Program Files\HighMAT CD Writing Wizard
[01/05/2008|16:00] C:\Program Files\Hp
[01/05/2008|16:11] C:\Program Files\hp deskjet 970c series
[21/03/2008|16:09] C:\Program Files\IKEA HomePlanner
[18/09/2008|10:20] C:\Program Files\Inet Delivery
[16/07/2008|20:33] C:\Program Files\INFORAD
[16/07/2008|20:33] C:\Program Files\INFORAD_DRIVERS
[07/09/2008|14:17] C:\Program Files\InstallShield Installation Information
[13/08/2008|03:01] C:\Program Files\Internet Explorer
[16/01/2007|16:52] C:\Program Files\Inventel
[13/08/2008|03:10] C:\Program Files\ItsLabel
[28/02/2007|14:28] C:\Program Files\IZArc
[15/07/2008|07:21] C:\Program Files\Java
[16/01/2007|22:24] C:\Program Files\Kaspersky Lab
[16/01/2007|10:15] C:\Program Files\K-Lite Codec Pack
[01/05/2008|15:01] C:\Program Files\ma-config.com
[19/08/2008|21:06] C:\Program Files\Malwarebytes' Anti-Malware
[11/09/2008|21:41] C:\Program Files\Messenger
[15/01/2007|18:52] C:\Program Files\Microsoft Baseline Security Analyzer 2
[15/01/2007|18:52] C:\Program Files\Microsoft BootVis
[15/01/2007|18:52] C:\Program Files\Microsoft Calculatrice Plus
[16/01/2007|22:22] C:\Program Files\microsoft frontpage
[03/11/2007|18:41] C:\Program Files\Microsoft Office
[18/09/2008|12:25] C:\Program Files\Microsoft Visual Studio
[23/12/2007|12:34] C:\Program Files\MioTransfer
[11/09/2008|21:40] C:\Program Files\Movie Maker
[18/09/2008|13:15] C:\Program Files\Mozilla Firefox
[03/11/2007|18:41] C:\Program Files\MSECache
[15/01/2007|17:21] C:\Program Files\MSN
[15/01/2007|17:22] C:\Program Files\MSN Gaming Zone
[15/01/2007|18:57] C:\Program Files\MSXML 4.0
[16/08/2007|03:06] C:\Program Files\MSXML 6.0
[11/09/2008|21:38] C:\Program Files\NetMeeting
[27/07/2008|08:43] C:\Program Files\Notepad++
[15/01/2007|18:46] C:\Program Files\NVIDIA Corporation
[16/06/2007|09:08] C:\Program Files\Nvu
[15/01/2007|17:23] C:\Program Files\Online Services
[10/04/2008|20:35] C:\Program Files\OpenOffice.org 2.0
[12/09/2008|06:57] C:\Program Files\Outlook Express
[25/01/2007|14:14] C:\Program Files\PENTAX
[16/06/2007|10:17] C:\Program Files\PhotoFiltre
[12/01/2008|21:17] C:\Program Files\PowerPoint Viewer
[15/01/2007|18:56] C:\Program Files\Pro Imaging Powertoys
[16/01/2007|10:16] C:\Program Files\QuickTime Alternative
[13/03/2007|22:31] C:\Program Files\Real
[09/09/2008|14:59] C:\Program Files\Real Alternative
[02/03/2007|02:05] C:\Program Files\Realtek
[16/08/2007|13:45] C:\Program Files\SafeNet Sentinel
[17/09/2008|11:54] C:\Program Files\ScanWizard 5
[15/01/2007|17:26] C:\Program Files\Services en ligne
[01/09/2007|19:02] C:\Program Files\Siber Systems
[03/02/2007|13:59] C:\Program Files\Simple Star
[16/01/2007|22:23] C:\Program Files\Snapshot Viewer
[14/06/2007|22:26] C:\Program Files\Sony Ericsson
[08/06/2008|17:17] C:\Program Files\Spybot - Search & Destroy
[18/09/2008|13:15] C:\Program Files\Spyware Terminator
[16/01/2007|10:26] C:\Program Files\SuperCopier2
[18/09/2008|13:51] C:\Program Files\Trend Micro
[15/01/2007|17:54] C:\Program Files\Uninstall Information
[15/01/2007|18:56] C:\Program Files\UPHClean
[11/09/2008|21:51] C:\Program Files\WinClamAVShield
[15/01/2007|18:52] C:\Program Files\Windows Journal Viewer
[16/01/2007|10:12] C:\Program Files\Windows Media Connect 2
[11/09/2008|21:38] C:\Program Files\Windows Media Player
[11/09/2008|21:38] C:\Program Files\Windows NT
[15/01/2007|17:26] C:\Program Files\WindowsUpdate
[18/02/2008|08:25] C:\Program Files\WinZip
[15/01/2007|17:28] C:\Program Files\xerox
[16/06/2007|09:56] C:\Program Files\XnView

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[04/02/2008|11:41] C:\Program Files\Fichiers communs\Adobe
[16/01/2007|17:01] C:\Program Files\Fichiers communs\Ahead
[16/01/2007|22:13] C:\Program Files\Fichiers communs\Designer
[16/01/2007|16:58] C:\Program Files\Fichiers communs\InstallShield
[25/03/2008|08:41] C:\Program Files\Fichiers communs\Java
[18/09/2008|12:25] C:\Program Files\Fichiers communs\Microsoft Shared
[15/01/2007|17:25] C:\Program Files\Fichiers communs\MSSoap
[15/01/2007|18:56] C:\Program Files\Fichiers communs\Nikon
[15/01/2007|18:46] C:\Program Files\Fichiers communs\NVIDIA Shared
[15/01/2007|18:03] C:\Program Files\Fichiers communs\ODBC
[16/08/2007|13:45] C:\Program Files\Fichiers communs\SafeNet Sentinel
[15/01/2007|17:25] C:\Program Files\Fichiers communs\Services
[15/01/2007|18:03] C:\Program Files\Fichiers communs\SpeechEngines
[12/09/2008|06:57] C:\Program Files\Fichiers communs\System
[14/06/2007|22:27] C:\Program Files\Fichiers communs\Teleca Shared
[21/03/2008|16:09] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 15:43:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:43][D:0]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:43][D:4]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 18/09/2008|15:45 - Option : [1]

--------------------\\ Fin du rapport a 15:45:42

See you
-1
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
18 Sept. 2008 at 15:58
1) Uninstall the EoRezo program: Control Panel --> Add/Remove Programs.

2)
For this procedure, I advise you to write down or print this text, because the disinfection will be done in safe mode and you will not have Internet access to view the instructions.
Another tip: copy and paste the text into a .txt file that you save on your desktop. You will then find it on your desktop, in safe mode as well.

Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it. Choose the default options.
At the end of the installation, you will be asked to update MalwareBytes and to run it.
Choose only the update. The software will be launched in safe mode.

Restart the computer in safe mode (tap the F8 key repeatedly after restarting).
Choose your user account.

To launch MalwareBytes, double-click the desktop shortcut.

In the Search tab ("Recherche"), select Run a full scan ("Exécuter un examen complet").
Click Search ("Recherche"). Select only the computer's hard drives.
Click Start the scan ("Lancer l'examen").

At the end of the scan, as prompted, click Show the scan results ("Afficher les résultats de la recherche").
Then choose Remove selection ("Supprimer la sélection") to clean the infections.
Post the report in your next message.

If you cannot find it, open MalwareBytes and look in the Report/Logs tab ("Rapport/logs"). It is there.
Click on it and choose Open.


See you
-1

relax2000 Posts 265 Registration date Monday 7 January 2008 Status Member Last activity 6 November 2016
18 Sept. 2008 at 16:15
No EoRezo in my programs
-1
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
18 Sept. 2008 at 16:23
The folder is present in C:\Program Files\
We will delete it later.

Run MalwareBytes.

The scan takes about 50 min.

See you
-1
relax2000 Posts 265 Registration date Monday 7 January 2008 Status Member Last activity 6 November 2016
18 Sept. 2008 at 21:03
OK, I did everything, but I missed the report. I could no longer find the shortcut, so I ran another scan without going into safe mode.

There are lots of trojans in quarantine; should they be deleted?
Since I have Spyware Terminator, there is also Web Security Guard that wants to install itself. Apparently it is from the same company. Should I install it or leave it?
For EoRezo, I am waiting to hear from you.

In any case, for now I can only thank you; things are better.
See you



Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1169
Windows 5.1.2600 Service Pack 3

18/09/2008 20:51:36
mbam-log-2008-09-18 (20-51-36).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 139469
Temps écoulé: 1 hour(s), 2 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-1
relax2000 Posts 265 Registration date Monday 7 January 2008 Status Member Last activity 6 November 2016
18 Sept. 2008 at 16:31
OK, I am going to run the scan. I will also be away. See you later, or tomorrow morning.
-1
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
18 Sept. 2008 at 21:07
relax2000,

If you ran malwarebytes twice, there must be a trace of the tool's first run.
Open malwarebytes --> Report/Logs tab
See whether you have two reports. They are named mbam-log-xx-xx-xxxx.txt.
I would really like to know what malwarebytes deleted.

Also post me a Hijackthis report.

See you
-1
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
18 Sept. 2008 at 21:18
For the trojans in quarantine, yes, delete them all.

Open malwareBytes --> Quarantine tab --> Delete all.

See you
-1
relax2000 Posts 265 Registration date Monday 7 January 2008 Status Member Last activity 6 November 2016
19 Sept. 2008 at 07:46
Hello verni29
I am posting what I found.

By digging around a bit, I managed to find the files. I thought I had deleted them.

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1071
Windows 5.1.2600 Service Pack 2

21:35:04 19/08/2008
mbam-log-08-19-2008 (21-35-04).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 121120
Temps écoulé: 26 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000012.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0000248.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP55\A0008544.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP55\A0008545.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\16E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\171.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\222.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\63.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1071
Windows 5.1.2600 Service Pack 2

10:24:57 07/09/2008
mbam-log-09-07-2008 (10-24-57).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 123326
Temps écoulé: 40 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1168
Windows 5.1.2600 Service Pack 3

18/09/2008 19:38:33
mbam-log-2008-09-18 (19-38-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 139497
Temps écoulé: 23 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 54

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msgcmdsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\2xqictf8hg (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\vgbybmpu.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\jupapmbm\lefgraji.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Local Settings\Temp\c.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Local Settings\Temp\video1152.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Local Settings\Temp\video1152.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1169
Windows 5.1.2600 Service Pack 3

18/09/2008 20:51:36
mbam-log-2008-09-18 (20-51-36).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 139469
Temps écoulé: 1 hour(s), 2 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Malwarebytes' Anti-Malware 1.15
Version de la base de données: 843

05:14:50 10/06/2008
mbam-log-6-10-2008 (05-14-49).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 117100
Temps écoulé: 32 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\xxyayxyw.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyayxyw (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{189a78b1-ceb8-45fd-9c12-4b9c8a965a58} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SMSERIALWORKERSTARTXXX (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\proprietaire\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\xxyayxyw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\proprietaire\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000008.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP1\A0000059.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0000310.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP2\A0001124.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76B765B1-FA29-42F6-A2BF-4DFEF3EFD2DA}\RP3\A0001164.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3C9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\87.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcthnj0er27.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sysobjwertb.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wmstrbum.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\tromomwin32.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cracrwinz.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\proprietaire\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


Well then, good luck
See you
-1
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
19 Sept. 2008 at 09:52
Thanks relax2000
You posted all the reports for me, but I found the one you ran last night before the second pass:

Post me a HijackThis report.
-1
Hello Verni29

You'll have to be patient for a bit, I'm travelling
you'll have the report on Monday
Have a good weekend
0