Comment supprimer Antispyware 2009 ?

Résolu
passpartt Messages postés 12 Statut Membre -  
 hemve17 -
Bonjour.
Mon ordinateur est infecté par un rogue : XP Antispyware 2009. Il me bloque des pages internet, m'en ouvre sans demande, m'indique que mon ordinateur est infecté, me propose une 'analyse' du système...etc.
J'ai essayé de la supprimer avec SpyHunter mais je n'y suis pas arrivée. Je ne trouve pas XP Antispyware 2009 dans C:/Programme Files ni dans Processus ; pourtant il est toujours bien là...

Quelqu'un pourrait-il m'indiquer la démarche à faire ?

Je n'en peux plus de ce faux antispyware...

Merci d'avance.
Configuration: Windows XP
Internet Explorer 7.0

47 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un logiciel rogue nommé XP Antispyware 2009 bloque les pages Internet, affiche des alertes fausses et empêche la suppression standard, obligeant à chercher des solutions de nettoyage plus poussées. Des réponses conseillent d'exécuter un examen complet avec Malwarebytes' Anti-Malware et SpyHunter, puis de supprimer les éléments détectés et de nettoyer les clés et valeurs du registre associées à XP Antispyware 2009. Des rapports détaillent des éléments infectés dans le registre et des fichiers système, et indiquent des suppressions réussies, notamment dans C:\Program Files\XP_AntiSpyware et les entrées Run associées. Une nuance utile indique que la sécurité doit être renforcée après nettoyage par la réactivation des protections et un balayage répété avec plusieurs outils pour prévenir toute résurgence.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Lyha ---> Ce serait mieux que tu crées ton propre sujet ;)
    3
  2. memey Messages postés 2 Statut Membre 1
     
    Merci beaucoup le virus n'est plus la !!!!
    trop trop trop bien !!

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1325
    Windows 5.1.2600 Service Pack 2

    27/10/2008 13:18:32
    mbam-log-2008-10-27 (13-18-32).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 64196
    Temps écoulé: 1 hour(s), 18 minute(s), 19 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 25

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp_antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\AVEngn.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\htmlayout.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\memey\Application Data\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Pass2.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10331.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\memey\Bureau\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    1
  3. totobetourne Messages postés 5677 Statut Membre 65
     
    se serait mieux de chacun creer son propre topic en demandant de l aide avec pour chacun les 2 rapports malwarebyte avant et un hijack apres.vous auriez vite une reponse.
    1
    1. ballcity
       
      Bonjour,

      je suis entièrement d'accord avec vous. Je lancerai Hijack ce soir et je reviendrai vers vous avec le rapport.

      Cordialement
      0
    2. ballcity
       
      Bonjour,

      Comme prévu, ci-joint le rapport de mon Hijackthis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:35:10, on 29/10/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\windows\system32\omoyayu.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
      O4 - HKCU\..\Run: [omoyayu] "c:\windows\system32\omoyayu.exe" omoyayu
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB3BBA1-F7EC-4E37-8F16-770E0C6C2221}: NameServer = 212.27.40.240,212.27.40.241
      O20 - AppInit_DLLs: karna.dat
      O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Documents and Settings\Hery.HERY-RANDRIA\Bureau\Ares\chatServer.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
      0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Refais ton propre sujet.
    1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. fxttt
     
    Pour le cas de XP Antispyware 2009, j'ai trouvé une méthode particulière. Sous Windows XP, il avait désactivé EndPoint, Spy&Bot ainsi que Bit Defender Free V10, détruisant toutes les defenses immunitaires. En fait, un fichier beep.sys se regénèrait automatiquement dans c:\windows\system32\drivers. Après avoir désactivé la restauration, il a suffi de supprimer ce fichier et de couper électriquement le pc dans la demi-seconde avant qu'il ne se régénère. Au redémarrage, EndPoint parvenait à redémarrer porte le coup de grâce à la pelletée de virus qui avait profité de la désactivation de tous les systèmes de défense pour s'installer.
    Pour finaliser le nettoyage, l'utilisation de Spy&Bot et Bitdefender en complément de EndPoint peut s'avérer utile.
    0
  7. bigtotof
     
    bonjour,

    j'ai également eu le droit a ce virus et jai reussi a lesupprimer uniquement grace a malwarebytes. un petit nettoyage en plus avec ccleaner et toolcleaner. ca pas été facile car le virus faisait eteindre mon pc toute les 10 minutes environs...
    0
  8. totobetourne Messages postés 5677 Statut Membre 65
     
    probleme resolu cela m etonnerait bcp car vu le nomdre d adware , de trojan et tout le reste tu dois cliquer sur tout ce qui bouge, donc tu te fais avoir assez souvent.le but est de ne pas revenir pour un moment.

    reflechis avant et clique apres.fait attention au p2p.

    d ailleurs vu ce que t a enleve malwarebyte et combo fix il te reste peut etre un peu d infection navipromo mais la c est a voir.

    pas de pare feu reel , pare feu windows c est une merde .

    java pas a jour et infection possible en utilisant les failles de ce programme

    tu vas sur internet avec internet explorer(mine a virus , ver, trojan,....) passe plutot a mozilla bcp plus sur.

    si pour destrio c est bon et bien cela m etonne a mes yeux.vu le nombre d infection que tu avais , il aurait du te dire qu il y a quelquechose qui ne tourne pas rond.
    0
  9. Lyha
     
    Salut !!

    Moi aussi j'ai récupéré cette merde, je viens de lire les conseils plus haut, donc je vais commencer par faire ce qui n'est pas spécifique à chaque utilisateur. Par contre, est-ce que je peux poster mon rapport ici ? En gros, qqn veut-il bien m'aider ? ^_^

    Voilà je vais faire tout ça, à tte
    0
  10. J-D-M
     
    J'ai réussi le supprimer avec Malwarebytes' Anti-Malware. Ça m'a pris quelques heures, mais tout est parfait maintenant, merci pour vos instructions :D
    0
  11. K-FRINE 974
     
    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1313
    Windows 5.1.2600 Service Pack 2

    24/10/2008 22:38:59
    mbam-log-2008-10-24 (22-38-59).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 137099
    Temps écoulé: 3 hour(s), 18 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 68

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temporary Internet Files\Content.IE5\YWLRFV6C\._file[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\0x01xx8p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSSafc4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\SysFile.brk (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3.ext (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Bureau\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\E.l.o.d.i.e\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\E.l.o.d.i.e\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temporary Internet Files\zilileru.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\TDSS560c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\TDSS563a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\TDSS6454.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS78f5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS7af9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS8a79.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS8ff8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\TDSS2670.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\TDSSe6c7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\florent\Local Settings\Temp\TDSSe967.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSbubx.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSjllx.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSkpjp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnmxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSosvd.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSsbhc.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSStkdv.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\TDSSofxh.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    0
  12. luc
     
    fxttt, ta solution est rapide et efficace! un peut brut...
    merci
    0
  13. ballcity
     
    Bonjour,

    J'ai le même problème depuis avant hier et j'ai lancé Malwarebyte en mode échec. Le virus semble être supprimé (plus de message ni antispyware2009...) et ci-apès le rapport :

    Malwarebytes' Anti-Malware 1.30
    Database version: 1306
    Windows 5.1.2600 Service Pack 3

    28/10/2008 00:05:15
    mbam-log-2008-10-28 (00-05-15).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 149472
    Time elapsed: 1 hour(s), 10 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 32

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{3ECD4BEA-175D-452C-877A-B73ECF6D5EB5}\RP294\A0040913.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3ECD4BEA-175D-452C-877A-B73ECF6D5EB5}\RP294\A0041562.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\acmig_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\acmig_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Hery.HERY-RANDRIA\Bureau\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Hery.HERY-RANDRIA\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Hery.HERY-RANDRIA\Local Settings\Temporary Internet Files\aleri.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS5e89.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS64d5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Hery.HERY-RANDRIA\Cookies\biker.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Hery.HERY-RANDRIA\Local Settings\Temp\TDSS1634.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Hery.HERY-RANDRIA\Local Settings\Temp\TDSSc870.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Hery.HERY-RANDRIA\Local Settings\Temp\TDSSca00.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSdlpb.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSkfkl.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSottp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSshbe.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSurkv.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSxnyq.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\TDSSrfdc.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

    Dois-je lancer autres choses ?

    Merci de votre aide.

    Cordialement.
    0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Je suis d'accord avec totobetourne.
    0
  15. alimemo Messages postés 4 Date d'inscription   Statut Membre Dernière intervention  
     
    voila le rapport merci

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:48:41, on 28/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cchservice.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\cc32\webtmr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Antivirus 2009\av2009.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\tray\wintmr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = alimemo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: hayatipaylas_org toolbar - {0c88b087-2545-4e80-a5ee-296af772f67e} - C:\Program Files\hayatipaylas_org\tbhaya.dll
    O1 - Hosts: ;Tag&rename
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: hayatipaylas_org toolbar - {0c88b087-2545-4e80-a5ee-296af772f67e} - C:\Program Files\hayatipaylas_org\tbhaya.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: offersfortoday - {ed1892f7-c83e-8aa0-3a55-906d71260029} - C:\WINDOWS\system32\nsw9C.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: hayatipaylas_org toolbar - {0c88b087-2545-4e80-a5ee-296af772f67e} - C:\Program Files\hayatipaylas_org\tbhaya.dll
    O4 - HKLM\..\Run: [ChicoSys] C:\WINDOWS\system32\cc32\webtmr.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CCWinTray] C:\WINDOWS\Tray\wintmr.exe
    O4 - HKCU\..\Run: [19020720429092288979588272005901] C:\Program Files\Antivirus 2009\av2009.exe
    O4 - HKCU\..\Run: [Antispyware PRO XP] "C:\Documents and Settings\All Users\Application Data\Software Licensors\Antispyware PRO XP\asproxp.exe" /autorun
    O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223927628737&h=3afbbc155feff922b0a4f4eb96b2385d/&filename=jinstall-6u7-windows-i586-jc.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Windows-CCHook-Service - Salfeld Computer - C:\WINDOWS\system32\cchservice.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
    0
  16. alimemo Messages postés 4 Date d'inscription   Statut Membre Dernière intervention  
     
    merci c'est tres gentil de votre part
    0
  17. rolandd Messages postés 1 Statut Membre
     
    allo esseiller window live one care moi ca a marcher
    0
  18. darkfairyinsky
     
    Bonjour ! Bon moi jai le meme probleme ! antispyware 2009 et antivirus pro 2009 je sait pas comment enlever cte shit la !! je ne peu pas ouvrire une page internet avec Explorer je peu seulement avec Firefox ! et je vien dacheter mon antivirus (Norton 360 2.0) quelqun aider moi je sait pas quoi faire ! je le trouve nul part moi aussi
    0
  19. didelo
     
    bonjour,
    je viens d'effectuer la manip conseillée sur cette page et le malware semble avoir disparu!!
    un grand soulagement!
    par contre je me demandais quelle était l'utilité de poster le rapport içi?
    0
  • 1
  • 2
  • 3