Sujet Précédent Sujet Suivant

Virus et Spam

alcaponne13 Messages postés 163 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
le PC de mes parents qui contients toutes leurs donnée personnels et pour le travail qui sont en 1 seul exemplaire est infecter de Virus et Spam en tout genre mais malheureusement je n'arrive pas à les supprimer malgré Avast, Ad-Watch, Lavasoft ect ....

Donc j'ai pensé a ré-installer windows et tout formater en recuperant toutes les données importante dans une clé USB mais je voudrais savoir comment aprés la ré-installation pouvoir empecher le Virus qui ce seras mis dans la clé USB de ré-infecter le PC. (Quel anti-virus utilisé ect ... )

Je vous remercie d'avances.
A voir également:

7 réponses

Réponse 1 / 7
Utilisateur anonyme
 
Bonjour Al, je ne penses pas que formater soit la solution idéale ( plutot une perte de temps )... je te propose de nous poster un rapport hijackthis en le téléchargeant ici : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis *Enregistre le sur le bureau *fermes tous les programmes en cours, y compris internet. *Executes le, et cliques sur " Do a scan and log file" *Un rapport sera généré, postes le sur le forum. *Un tuto ici : http://www.malekal.com/tutorial_HijackThis
0
Réponse 2 / 7
alcaponne13 Messages postés 163 Statut Membre 9
 
Voila ce que ça m'as données aprés l'avoir executer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:27, on 25/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8} - C:\WINDOWS\kgqfweltedw.dll (file missing)
O3 - Toolbar: nqgpedlr - {AB802BE5-5918-4875-954F-C878E08FC60E} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [lphc73aj0e32n] C:\WINDOWS\system32\lphc73aj0e32n.exe
O4 - HKLM\..\Run: [SMshc13aj0e32n] C:\Program Files\shc13aj0e32n\shc13aj0e32n.exe
O4 - HKLM\..\Run: [SMrhc33aj0e32n] C:\Program Files\rhc33aj0e32n\rhc33aj0e32n.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0
Utilisateur anonyme
  
cliques sur ce lien et enregistres le sur ton bureau : http://www.softbkk.com/hacked_by_godzilla_remove_tools_,3,downloading/                                                         *Redemarre en mode sans echec ( tapotes sur la touche F8 au demarrage du pc, un ecran apparait avec plusieurs options, choisis mode sans echec et Entrée)
                                                                               Executes ce programme en MSE
    




    
      

    
    
    0

            
    


    

            



    

        
        

            
        

    



    

    
            

        

        

    

        

            
        

    

    

    

        

        
        
        

                        Réponse 3 / 7
        


                

                

        

                    

        


     
             

            

    

            


    
    


        
        

                

        


     
             

                    alcaponne13
    
        
    
                    Messages postés
            
                


     
             

            163
        
            
                                    Statut
            Membre
                    



    
            
                


     
             

                        9
        
        

                        

                             

    


    

                        

                    Ok merci mais quand je clique sur le liens de telechargement il me dise this page not found
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        

            
        

    


        

        

                    

    

        

                    

                    


            
    
    

        



    

                    

    
        

    

            


    
    


    
    

                

    Utilisateur anonyme




 

    






    Ok, essaies avec celui-ci : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe                           Postes moi un nouvau log hijackthis à la fin!
    




    
      

    
    
    0

            
    


    

            



    

        
        

            
        

    



    

    
                    


            
    
    

        



    

                    

    
        

    

            


    
    


    
    
        

    

            


    
    


    
    

                

    Utilisateur anonyme

        >
                    

    Utilisateur anonyme

    


 

    






    
Ensuite telecharges mbam :http://www.malwarebytes.org/mbam/program/mbam-setup.exe                                     Installes le, à la fin la mise à jour devrait se faire automatiquement                                                                          Redemarre en mode sans echec et lances un examen complet                                                                              *A la fin de l'analyse, en cas d'infection, cliques sur " supprimer la selection "... Pour finir la suppression, il se peut qu' MBAM ait besoin de redemarrer, cliques sur oui... postes le rapport.
    




    
      

    
    
    0

            
    


    

            



    

        
        

            
        

    



    

    
            

        

        

    

        

            
        

    

    

    

        

        
        
        

                        Réponse 4 / 7
        


                

                

        

                    

        


     
             

            

    

            


    
    


        
        

                

        


     
             

                    alcaponne13
    
        
    
                    Messages postés
            
                


     
             

            163
        
            
                                    Statut
            Membre
                    



    
            
                


     
             

                        9
        
        

                        

                             

    


    

                        

                    Ton flash desinfector me demande juste d'appuiyé sur OK et aprés encore un message comme quoi c'est fini mais pas de rapport.
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        

            
        

    


        

                

                    

        

    

        

            
        

    

    

    

    
    

    
Vous n’avez pas trouvé la réponse que vous recherchez ?

    

    Posez votre question


    

        
        
        

                        Réponse 5 / 7
        


                

                

        

                    

        


     
             

            

    

            


    
    


        
        

                

        


     
             

                    alcaponne13
    
        
    
                    Messages postés
            
                


     
             

            163
        
            
                                    Statut
            Membre
                    



    
            
                


     
             

                        9
        
        

                        

                             

    


    

                        

                    Voici le rapports



Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1422

Windows 5.1.2600 Service Pack 3



25/11/2008 15:15:40

mbam-log-2008-11-25 (15-15-40).txt



Type de recherche: Examen complet (C:\|)

Eléments examinés: 105942

Temps écoulé: 39 minute(s), 45 second(s)



Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 8

Valeur(s) du Registre infectée(s): 6

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 66

Fichier(s) infecté(s): 4



Processus mémoire infecté(s):

(Aucun élément nuisible détecté)



Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)



Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\rhc33aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\shc13aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\nqgpedlr.btre (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e1f2bc9-e92d-4d2e-b268-74fb9f908dd8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8e1f2bc9-e92d-4d2e-b268-74fb9f908dd8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc33aj0e32n (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc73aj0e32n (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smshc13aj0e32n (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.



Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.



Dossier(s) infecté(s):

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\rhc33aj0e32n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\nicole\Application Data\shc13aj0e32n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\rhc33aj0e32n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\jean-michel\Application Data\shc13aj0e32n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\rhc33aj0e32n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\frederic\Application Data\shc13aj0e32n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.



Fichier(s) infecté(s):

C:\WINDOWS\axrfgvek.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\blphc73aj0e32n.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\phc73aj0e32n.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        

            
        

    


        

                

                    

        

    

        

            
        

    

    

    

        

        
        
        

                        Réponse 6 / 7
        


                

                

        

                    

        


     
             

            

    

            


    
    


        
        

                

        


     
             

                    alcaponne13
    
        
    
                    Messages postés
            
                


     
             

            163
        
            
                                    Statut
            Membre
                    



    
            
                


     
             

                        9
        
        

                        

                             

    


    

                        

                    alors ça donne quoi?
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        

            
        

    


        

                

                    

                    


            
    
    

        



    

                    

    
        

    

            


    
    


    
    

                

    Utilisateur anonyme




 

    






    Re, de retour ! ouah! un vrai nid de M****, peux tu envoyer stp, un nouveau log hijackthis ? et supprimes tous ce qu'il y a dans la quarantaine de Mbam!
    




    
      

    
    
    0

            
    


    

            



    

        
        

            
        

    



    

    
                    


            
    
    

        



    

                    

    
        

    

            


    
    


    
    
        

    

            


    
    


    
    

                

    Utilisateur anonyme

        >
                    

    Utilisateur anonyme

    


 

    






    Pour avancer, telecharges smitfraudfix :http://siri.urz.free.fr/Fix/SmitfraudFix.exe (de chiquitine29)                             *Executes le, double cliques sur smitfraudfix.exe sur ton bureau                                                                            *Choisis l'option1 ( recherche), comme ceci : http://siri.urz.free.fr/Fix/SmitfraudFix.php                                                                                                            *Un rapport sera généré,postes le ici !
 Note: ( ne fais pas d'autre option que celle demandé pour le moment), je n'ai pas encore eu ton nouveau log hjt...
    




    
      

    
    
    0

            
    


    

            



    

        
        

            
        

    



    

    
            

        

        

    

        

            
        

    

    

    

        

        
        
        

                        Réponse 7 / 7
        


                

                

        

                    

        


     
             

            

    

            


    
    


        
        

                

        


     
             

                    alcaponne13
    
        
    
                    Messages postés
            
                


     
             

            163
        
            
                                    Statut
            Membre
                    



    
            
                


     
             

                        9
        
        

                        

                             

    


    

                        

                    Voici le rapport



SmitFraudFix v2.378



Rapport fait à  9:00:44,59, 26/11/2008

Executé à partir de C:\Documents and Settings\jean-michel\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal



»»»»»»»»»»»»»»»»»»»»»»»» Process



C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\jean-michel\Bureau\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe



»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\



C:\autorun.inf PRESENT !



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jean-michel


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jean-michel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-M~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



Description: Connexion réseau Intel(R) PRO/100 - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.0.1



HKLM\SYSTEM\CCS\Services\Tcpip\..\{17B253E0-18D0-4F3A-8988-BB3D151B1897}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{17B253E0-18D0-4F3A-8988-BB3D151B1897}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123

HKLM\SYSTEM\CS2\Services\Tcpip\..\{17B253E0-18D0-4F3A-8988-BB3D151B1897}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        

            
        

    


        

                

                    

                    


                
        
    
    

        



    

                    

    
        

    

            


    
    


    
    

                

    Utilisateur anonyme




 

    






    Salut Al, passons au nettoyage :
                                                                                                *Redemarre ton pc en mode sans echec
                                                                                    *Double-cliques sur smitfraudfix.exe
                                                                                           *Choisis l'option2 ( nettoyage) et valide par Entrée
                                                                      *Réponds " oui" à >>>voulez vous nettoyer le registre
                                                                *reponds " oui " à >>>corriger le fichier infecté
                                                                          *Laisses l'outils travailler, un redemarrage sera peut-etre necessaire pour finir le nettoyage
                 Note : l(e rapport se trouve à la racine du disque), postes le ici, accompagné d'un nouveau log hijacthis...

    




    
      

    
    
    0

            
    


    

            



    

        
        

            
        

    



    

    
            

        

        

    

        

            
        

    

    

    

        

    


    

    
    





    
Discussions similaires

                                        
            

                
                    Softonic,est-ce un virus ?
                    

                        

    

                
            


    
    


                        

                                                                                    techmel1 - 

                            
                                                                                    techmel1 - 
                        

                    

                    

                    

                        6 réponses
                    

                
            

                                            
            

                
                    Mail  bloqué spam et demande paiement pour débloquer....
                    

                        

    

            


    
    


                        

                                                                                    iles-97112 - 

                            
                                                                                    David - 
                        

                    

                    

                    

                        5 réponses
                    

                
            

                                            
            

                
                    Compte WhatsApp bloqué pour cause de spam que faire ?
                    

                        

    

            


    
    


                        

                                                                                    John - 

                            
                                                                                    bazfile - 
                        

                    

                    

                    

                        11 réponses
                    

                
            

                                            
            

                
                    Appelle et coupe direct !
                    

                        

    

            


    
    


                        

                                                                                    NiklasNils01 - 

                            
                                                                                    NiklasNils01 - 
                        

                    

                    

                    

                        6 réponses
                    

                
            

                                            
            

                
                    Boîte mail piratée ?
                    

                        

    

            


    
    


                        

                                                                                    mike the llama - 

                            
                                                                                    mike the llama - 
                        

                    

                    

                    

                        4 réponses