Virus alert!

Résolu
clemesis Messages postés 37 Statut Membre -  
 wajdi -
Bonjour,

Voilà j'ai attrapé un "bon" virus je pense, vu l'état dans lequel se trouvait mon PC...bref j'ai réussi à supprimer les trojans mais maintenant je me retrouve avec un menu "démarrer" sans "tous les programmes", il n'y a plus de panneau de configuration et lorsque je presse"ctrl+alt+suppr", windows me dit que cette fonction a été désactivé par l'administrateur.
De plus, depuis cette "attaque", j'ai plusieurs fenêtre Internet Explorer qui apparaissent en me proposant de télécharger "VIRUS SCAN 2008" ou quelque chose comme ça...C'est très ennuyant et ca énerve très vite surtout lorsque l'on ne sait pas comment s'en débarasser...Si quelqu'un a une idée sur la question...

Merci à tous.

Clément

p.s: je suis sous Windows XP Pro
Configuration: Windows XP
Firefox 3.0.3

24 réponses

  • 1
  • 2
  1. I'm_Here Messages postés 156 Statut Membre 26
     
    Bonsoir,

    essaye avant tout le tuyau que t'as donné X-Roncamma,

    tu peux faire une petite analyse manuelle si ca t'interesse alors :

    sauvegarde la clef du registre au cas ou :)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies


    puis mets ce code dans un fichier d'extension reg double clique dessus et confirme :

    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    


    ce fichier va vous permettre de supprimer toutes les restrictions - s'il y en a- que le virus vous a faites.
    Si le problème, persiste reinstalle FF

    ...
    0
  2. clemesis Messages postés 37 Statut Membre
     
    Bonsoir, voici le rapport de malmwarebytes
    Le logiciel me propose de supprimer tous ces éléments mais je ne suis pas trop calé alors je me demande si je dois le faire ou pas, j'ai peur de virer des fichiers importants et nécessaires.

    Malwarebytes' Anti-Malware 1.29
    Database version: 1276
    Windows 5.1.2600 Service Pack 2

    10/18/2008 11:37:18 PM
    mbam-log-2008-10-18 (23-37-11).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 80869
    Time elapsed: 1 hour(s), 22 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 22
    Registry Values Infected: 3
    Registry Data Items Infected: 15
    Folders Infected: 0
    Files Infected: 16

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\qrbgltos.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\ngwstxfd.dll (Trojan.FakeAlert) -> No action taken.

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{d47e05ee-7a24-453d-ac6a-401001315c21} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{a59b69e2-43de-4308-9097-ca6d83bd71ad} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{dd75ab82-cbe3-4096-825e-c24bfa82b5ff} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{2482d138-9ea9-4049-8e51-a6d21f2694c5} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{469792e3-064c-458c-af90-7234f935353e} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4705199e-8ad5-4ccd-83bf-8304af2a31ce} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{885f9b10-acfc-45ed-bc57-8d1d2fa9d810} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{04d74391-e69c-43ea-9dce-42432e6ae0da} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{36147831-8fb7-42ff-879c-ac53d9cbd265} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{418aff45-c708-4d10-aedd-f8b3557e2188} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{e9289aa8-560a-41a2-b5b1-59c20cc32bac} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\rosqxvmn.btsx (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{dd75ab82-cbe3-4096-825e-c24bfa82b5ff} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qrbgltos (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ngwstxfd (Trojan.FakeAlert) -> No action taken.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-OEM-0014333-45135) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\BM472b55ec.xml (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\BM472b55ec.txt (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\rosqxvmn.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\qrbgltos.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\ngwstxfd.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\lomxeqsn.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Clement\Local Settings\Temp\windfr.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Clement\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Clement\Local Settings\Temp\pwrmgr.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Clement\Desktop\Protect Your Privacy.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\Clement\Desktop\Malware Defender.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\Clement\Desktop\System Error Fixer.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\Clement\Favorites\Malware Defender.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\Clement\Favorites\Protect Your Privacy.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\Clement\Favorites\System Error Fixer.url (Rogue.Link) -> No action taken.
    0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    Arretez de proposer malwarebytes directement svp !! Ca ne supprime pas l infection entierrement !!

    clemesis : tu n as pas appliqué d action avec malwarebytes : No action taken

    vas supprimer tout ce qu il y a dans sa quarantaine stp

    ensuite fais ceci :

    Option 1 - Recherche :

    ▶ télécharge smitfraudfix et enregistre le sur le bureau

    (c est le numéro 2 en bas de la page) :

    ▶ Ensuite double clique sur smitfraudfix puis exécuter

    ▶ Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

    (attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

    ▶ copier/coller le rapport dans la réponse.

    Un tutoriel sonore et animé est à ta disposition sur le site.

    (Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains,
    cet utilitaire pourrait arrêter des logiciels de sécurité.)
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. clemesis Messages postés 37 Statut Membre
     
    smitfraudfix= SDfix?
    C'est ce qui est affiché sur la page que tu m'as donné...désolé, ca peut te paraître évident mais pour moi c'est tout nouveau
    0
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    non ce n est pas la meme chose...

    Smitfraudfix est au numéro 2 tout en bas de la page ;-)
    0
  7. clemesis Messages postés 37 Statut Membre
     
    Désolé, je suis fatigué...je poste le rapport dès que c'est fini ;)
    0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok ;-)
    0
  9. clemesis Messages postés 37 Statut Membre
     
    Et voilà:

    SmitFraudFix v2.364

    Scan done at 0:06:55.75, Sun 10/19/2008
    Run from C:\Documents and Settings\Clement\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\WINDOWS\system32\cmd.exe
    c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\ngwstxfd.dll FOUND !
    C:\WINDOWS\lomxeqsn.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Clement

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Clement\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Clement\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    [!] Suspicious: rosqxvmn.dll
    Toolbar: rosqxvmn - {DD75AB82-CBE3-4096-825E-C24BFA82B5FF}
    TypeLib: {D47E05EE-7A24-453D-AC6A-401001315C21}
    Interface: {A59B69E2-43DE-4308-9097-CA6D83BD71AD}
    Classe: rosqxvmn.btsx
    Classe: rosqxvmn.ToolBar.1

    [!] Suspicious: qrbgltos.dll
    SSODL: qrbgltos - {469792E3-064C-458C-AF90-7234F935353E}

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F059188B-D8F9-45EA-A78C-D710A0470CE6}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F059188B-D8F9-45EA-A78C-D710A0470CE6}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F059188B-D8F9-45EA-A78C-D710A0470CE6}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    très bien...Maintenant fais ceci stp :

    Option 2 - Nettoyage :

    redémarre le PC mode sans échec

    ▶ Double cliquer sur smitfraudfix

    ▶ Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

    ▶ A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    ▶ Enregistre le rapport sur ton bureau

    ▶ Redémarrer en mode normal et poster le rapport.

    ensuite refais un nouveau rapport hijackthis stp

    est ce que tu as été vider la quarantaine de malwarebytes ??
    0
  11. clemesis Messages postés 37 Statut Membre
     
    Ok je fais tt ça

    Je te post le rapport hijackthis

    Il n'y avait rien dans la quarantaine de malmwarebytes (???)

    a tout de suite
    0
  12. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    il faut que tu fasses d abord la suppression en mode sans échec avant de refaire un nouveau rapport hijackthis...

    Est ce que tu avais supprimé la sélection avec malwarebytes... Si oui, poste moi tous les rapports qui sont dans la rubrique "rapport/log" de malwarebytes stp
    0
  13. clemesis Messages postés 37 Statut Membre
     
    je n'avais rien supprimé avec malmware...

    voici le rapport numéro 2 de smitfraudfix:

    SmitFraudFix v2.364

    Scan done at 0:31:39.96, Sun 10/19/2008
    Run from C:\Documents and Settings\Clement\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    C:\WINDOWS\rosqxvmn.dll deleted.
    C:\WINDOWS\qrbgltos.dll deleted.

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\ngwstxfd.dll Deleted
    Deleting [HKEY_CLASSES_ROOT\CLSID\{36147831-8FB7-42FF-879C-AC53D9CBD265}]
    C:\WINDOWS\lomxeqsn.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F059188B-D8F9-45EA-A78C-D710A0470CE6}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F059188B-D8F9-45EA-A78C-D710A0470CE6}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F059188B-D8F9-45EA-A78C-D710A0470CE6}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

    Et là le rapport de Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:37:21, on 10/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\cleanmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Clement\Desktop\Hijackthis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: qoMGAQGA - qoMGAQGA.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0180861224348054) (0180861224348054mcinstcleanup) - Unknown owner - C:\DOCUME~1\Clement\LOCALS~1\Temp\018086~1.EXE (file missing)
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    0
  14. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    oui je sais, SmitfraudFix a corrigé ce problème ;-)

    Si tu n avais pas supprimé la sélection avec malwarebytes et que tu n as rien dans la quarantaine, il va falloir que tu refasses une analyse complete et supprimer tout..

    ▶ Voici mon tuto pour bien l utiliser :

    https://www.androidworld.fr/

    ensuite refais un nouveau rapport hijackthis stp

    @+
    0
  15. clemesis Messages postés 37 Statut Membre
     
    Voila...après une longue attente voici le rapport de malwarebytes:

    Malwarebytes' Anti-Malware 1.29
    Database version: 1286
    Windows 5.1.2600 Service Pack 2

    10/19/2008 2:17:32 AM
    mbam-log-2008-10-19 (02-17-32).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 81461
    Time elapsed: 1 hour(s), 17 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM472b55ec.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM472b55ec.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Clement\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Clement\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Clement\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.

    et celui de hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:20:34, on 10/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\Clement\Desktop\Hijackthis\HiJackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: qoMGAQGA - qoMGAQGA.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0180861224348054) (0180861224348054mcinstcleanup) - Unknown owner - C:\DOCUME~1\Clement\LOCALS~1\Temp\018086~1.EXE (file missing)
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    0
  16. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    C est ok ;-)

    est ce que tu as encore des problèmes ??
    0
  17. wajdi
     
    salut geoffrey5,

    mon pc a été attaqué par ce virus, le message apparait partout, mm dans kaspersky et msn messenger. mais mtnt, il est 5/5..

    juste suivre les instructions du liens, tu comprendras pleines d choz...

    mais il est trè important k tu effaces les trojans et les malwares tt dabord,

    g utilisé superANTIspyware pour les éliminer, les antivirus ne serven a rien ds notre cas.

    puis executes le SmitfraudFix en mode sans echec et enfin retablir la configuration initial de votre pc a partir du lien

    au dessus..

    si ca n'a pas marché.. poster le rapport de SmitfraudFix ... on va trouver une solutions...
    0
  18. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut wajdi !!

    C est pour moi que tu dis tout ça ??
    0
  19. clemesis Messages postés 37 Statut Membre
     
    Merci geoffrey5! Je n'ai plus aucun problème, "virus alert" a disparu et les fenêtres intempestives Internet Explorer ne se manifestent plus et j'ai repris le contrôle des tâches, enfin "tous les programmes" est revenu dans la barre de démarrage^^

    Merci encore!

    clément
    0
  • 1
  • 2