Aller au contenu

scwal69

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    27

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par scwal69

  1. scwal69
    Tout d'abord merci de ta réponse rapide Falkra. Apres installation et controle avec Malwarebytes je n'avais que 42 Malware, au secours !!! En fait ça en était deux installé à plusieurs endroits. Je te fais passer le rapport ci dessous. J'ai redémarré comme demandé, fait un autre controle et il n'a rien trouvé. Est ce que tu pense que antivir et spybot suffisent question sécurité ou tu me conseille d'autres outil comme malwarebytes ? Et de pas surfer n'importe comment bien sur !!! Merci encore Pascal Malwarebytes' Anti-Malware 1.29 Version de la base de données: 1288 Windows 5.1.2600 Service Pack 2 19/10/2008 14:55:29 mbam-log-2008-10-19 (14-55-29).txt Type de recherche: Examen rapide Eléments examinés: 54177 Temps écoulé: 3 minute(s), 20 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 6 Clé(s) du Registre infectée(s): 14 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 25 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\rqRHaywW.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\qrrjrz.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\yhefwj.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\rrsuki.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\jgsuir.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\ecjffm.dll (Trojan.Vundo) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fd131ef-fd46-4972-8684-3568c6a3bcf3} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{0fd131ef-fd46-4972-8684-3568c6a3bcf3} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d39f8128-92c6-42ae-b725-3a3958dab68e} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d39f8128-92c6-42ae-b725-3a3958dab68e} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{90ff5b05-65e4-408d-85d8-683ea7bb0de9} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{becb8f13-40cb-437e-b0f1-24c5b4f4c6be} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c7f8f674-28b9-4c35-9133-4e7f1e07281d} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dd5fbcdc-9b94-4d2f-83e7-6e1adc2d6850} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6588b41b-d14a-4b61-ba0b-b6f70f054292} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6588b41b-d14a-4b61-ba0b-b6f70f054292} (Trojan.Vundo) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrhayww -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrhayww -> Delete on reboot. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\rqRHaywW.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\WwyaHRqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WwyaHRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ecjffm.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\aekhpapo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opaphkea.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\baqyjuga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\agujyqab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mwiytkrq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qrktyiwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rniftyrj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jrytfinr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yimscyfy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yfycsmiy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qrrjrz.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\yhefwj.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\rrsuki.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\jgsuir.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\kdnvttyq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tttyxdwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qnussc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\simgvftu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcnbsmkn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\eqtanmjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yugmytav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  2. scwal69
    Bonjour Je me suis fait infecté par ce malware récemment, qui ouvre des fenetres disant que l'on a des virus sur l'ordi et qu'il faut télécharger leur antivirus . Je me suis aperçu donc sur ce forum entre autres, que mon antivirus avast n'était plus efficace (paix a son âme). J'ai donc installé antivir a la place qui a fait le ménage en deux fois. Je voudrais savoir si ce petit monde a bien été éradiqué. Voila le rélutat d'hijacthis ci dessous, merci de jeter un oeil. (ce qu'il y a en face du numero 20 me parait suspect) Pascal Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:57:37, on 18/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211652020554 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211733433062 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15035/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: qrrjrz.dll yhefwj.dll rrsuki.dll jgsuir.dll ecjffm.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: BestSync Service (BestSyncSvc) - RiseFly Software - C:\Program Files\RiseFly\BestSync\BestSyncSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe -- End of file - 5017 bytes
×
×
  • Créer...