Aller au contenu

k2r

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    28

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par k2r

  1. k2r
    Falkra, j'ai eu la réponse, voici le .txt : Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1494 Windows 5.1.2600 Service Pack 3 12/12/2008 21:54:58 mbam-log-2008-12-12 (21-54-58).txt Type de recherche: Examen rapide Eléments examinés: 51865 Temps écoulé: 10 minute(s), 23 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 10 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 9 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): c:\WINDOWS\system32\telopezo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\jumidani.dll (Trojan.Vundo.H) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b7396da-5cd7-4062-acca-037d34f209b5} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4b7396da-5cd7-4062-acca-037d34f209b5} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b7396da-5cd7-4062-acca-037d34f209b5} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{773b1aad-a8dd-4010-a903-cdb32938f595} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\divocodec (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf3f8872b (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fivekinuri (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\telopezo.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\telopezo.dll -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\DivoCodec (Trojan.Downloader) -> Delete on reboot. Fichier(s) infecté(s): C:\WINDOWS\system32\nosadepu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\upedason.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. c:\WINDOWS\system32\telopezo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\jumidani.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Program Files\DivoCodec\WakeSplitter.ax (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\yofivowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wopebulu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Program Files\DivoCodec\uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot. Qu'en penses tu ? K2r
  2. k2r
    Merci de m'aider, c'est sympa Je l'ai mis à la corbeille et dans le nettoyage en mode sans echec je l'ai vidé oups ... Si tu sais comment le récupérer, je peux vous le faire parvenir Pour la procédure que tu m'indiques, je le fais de suite et vous tiens au courant Merci K2r
  3. k2r
    Bonsoir à tous, Même si on le sait, j'ai clické sur un .exe dont je ne connaissais pas la provenance exacte .... patatra des saloperies se sont installées partout J'ai donc suivi la procédure décrite sur le forum : mode sans echec + instal et scan avec Antivir maintenant j'obtiens le .txt suivant avec HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:30:07, on 12/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijackth\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {4b7396da-5cd7-4062-acca-037d34f209b5} - C:\WINDOWS\system32\jumidani.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [CPMf3f8872b] Rundll32.exe "c:\windows\system32\telopezo.dll",a O4 - HKLM\..\Run: [fivekinuri] Rundll32.exe "C:\WINDOWS\system32\jajulaze.dll",s O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [peak close] C:\DOCUME~1\Adrien\APPLIC~1\LOGBON~1\bits memo extra.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_5.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload/Au...eUploader35.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\wavemile.dll c:\windows\system32\vivuyayo.dll c:\windows\system32\wudumuzo.dll c:\windows\system32\telopezo.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\telopezo.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\telopezo.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7607 bytes MERCI pour votre aide
×
×
  • Créer...