Aller au contenu

Patoune77

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    7

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Patoune77

  1. Patoune77

    Ecran bleu

    Patoune77 a répondu à un(e) sujet de Patoune77 dans Hardware

    Est ce que l'alimentation peut être en cause ? Merci @ + Patoune
  2. Patoune77

    Ecran bleu

    Patoune77 a posté un sujet dans Hardware

    J'ai un écran bleu qui s'affiche au bout d'un certain temps. avec les indications suivantes: Désactivez les options de mémoire BIOS telles mise en cache de l'ombrage. 0X0000008E (0XC0000005, 0X8A47B2B6, 0XB4EC59F8, 0X00000000) Systhème XP Pack 2 Carte Mère Asus P5KPL-AM Carte graphique Zotac 9500 GT Merci @ + Patoune
  3. Patoune77
    Et bien j'ai formaté et tout repris à zéro. Mais il a fallu quand même utilisé Kapersky et cela n'est pas fini. Merci pour les conseils. @ + Patoune
  4. Patoune77
    Je suppose qu'il faut du temps donc je remets cela à demain merci des conseils. @ + Patoune
  5. Patoune77
    Près utilisation de mbam voici le rapport : Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2180 Windows 5.1.2600 Service Pack 3 26/05/2009 13:43:53 mbam-log-2009-05-26 (13-43-53).txt Type de recherche: Examen rapide Eléments examinés: 84679 Temps écoulé: 5 minute(s), 15 second(s) Processus mémoire infecté(s): 8 Module(s) mémoire infecté(s): 3 Clé(s) du Registre infectée(s): 24 Valeur(s) du Registre infectée(s): 11 Elément(s) de données du Registre infecté(s): 6 Dossier(s) infecté(s): 6 Fichier(s) infecté(s): 39 Processus mémoire infecté(s): C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\bEvtService.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully. C:\Documents and Settings\Administrateur\reader_s.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully. C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\SYSDLL.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> Unloaded process successfully. Module(s) mémoire infecté(s): c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot. c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31c2a4cc-289d-442a-950c-b33b1b06522b} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\web-mediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast!Antivirus (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\WINDOWS\system32\121973 (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully. Fichier(s) infecté(s): c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\system32\121973\121973.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Refpron) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wr28656.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\40.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\8A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7DD5607D\w[1].bin (Backdoor.Refpron) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VTK335YT\w[2].bin (Backdoor.Refpron) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully. C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully. C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bEvtService.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dpcxool64.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\glaide32.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wtukd32.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully. C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot. C:\Documents and Settings\All Users\Bureau\WebMediaPlayer.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\916653139.exe (Rogue.MalwareDoc) -> Quarantined and deleted successfully. C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SYSDLL.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\services.ex_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kungsfmkwxodlq.dll (Trojan.Agent) -> Quarantined and deleted successfully. Merci @ + Patoune
  6. Patoune77
    J'ai procéder à un scanne avec Malwarebytes Voici le rapport : Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2180 Windows 5.1.2600 Service Pack 3 26/05/2009 13:38:28 mbam-log-2009-05-26 (13-38-11).txt Type de recherche: Examen rapide Eléments examinés: 84679 Temps écoulé: 5 minute(s), 15 second(s) Processus mémoire infecté(s): 8 Module(s) mémoire infecté(s): 3 Clé(s) du Registre infectée(s): 24 Valeur(s) du Registre infectée(s): 11 Elément(s) de données du Registre infecté(s): 6 Dossier(s) infecté(s): 6 Fichier(s) infecté(s): 39 Processus mémoire infecté(s): C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\bEvtService.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken. C:\Documents and Settings\Administrateur\reader_s.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\SYSDLL.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> No action taken. Module(s) mémoire infecté(s): c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> No action taken. c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> No action taken. C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> No action taken. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Backdoor.Bot) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> No action taken. HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31c2a4cc-289d-442a-950c-b33b1b06522b} (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\web-mediaplayer (Adware.EGDAccess) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhcpsrv (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dhcpsrv (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcpsrv (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6to4 (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sopidkc (Backdoor.Bot) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast!Antivirus (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): C:\WINDOWS\system32\121973 (Trojan.BHO) -> No action taken. C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> No action taken. C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> No action taken. C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> No action taken. C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> No action taken. C:\Program Files\ThunMail (Spyware.OnlineGamer) -> No action taken. Fichier(s) infecté(s): c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\121973\121973.dll (Trojan.BHO) -> No action taken. C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Refpron) -> No action taken. C:\WINDOWS\system32\wr28656.dll (Trojan.BHO) -> No action taken. C:\WINDOWS\system32\40.tmp (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\8A.tmp (Trojan.Downloader) -> No action taken. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7DD5607D\w[1].bin (Backdoor.Refpron) -> No action taken. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VTK335YT\w[2].bin (Backdoor.Refpron) -> No action taken. C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> No action taken. C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> No action taken. C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> No action taken. C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> No action taken. C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> No action taken. C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> No action taken. C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> No action taken. C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\bEvtService.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\dpcxool64.sys (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\drivers\glaide32.sys (Trojan.Agent) -> No action taken. C:\Documents and Settings\Administrateur\reader_s.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\tpsaxyd.exe (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\wtukd32.exe (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\sft.res (Malware.Trace) -> No action taken. C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> No action taken. C:\Documents and Settings\All Users\Bureau\WebMediaPlayer.lnk (Adware.EGDAccess) -> No action taken. C:\Documents and Settings\LocalService\Application Data\916653139.exe (Rogue.MalwareDoc) -> No action taken. C:\WINDOWS\f23567.dat (Worm.KoobFace) -> No action taken. C:\WINDOWS\system32\SYSDLL.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\services.ex_ (Heuristics.Reserved.Word.Exploit) -> No action taken. C:\WINDOWS\system32\kungsfmkwxodlq.dll (Trojan.Agent) -> No action taken. @ + Patone 77
  7. Patoune77
    Je suis infecté par le logiciel ? Malware Docteur. Plus accès au Gestionnaire des taches et outils Options Internet. J'ai fait un scan avec Voici le résultat : HIJACK Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:55:14, on 26/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\3361\SVCHOST.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\avast!Antivirus.exe C:\WINDOWS\System32\bEvtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\dhcp\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\styler\Styler.exe C:\WINDOWS\system32\topdesk.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\sopidkc.exe C:\WINDOWS\System32\reader_s.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\LocalService\Application Data\916653139.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Documents and Settings\Administrateur\reader_s.exe C:\WINDOWS\system32\SYSDLL.exe C:\Program Files\GigaTribe\gigatribe.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrateur\Local Settings\Application Data\eiuom.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\IncrediMail\bin\ImNotfy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll (file missing) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe O4 - HKLM\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administrateur\reader_s.exe O4 - HKCU\..\Run: [sYSDLL] SYSDLL O4 - HKCU\..\Run: [eiuom] "c:\documents and settings\administrateur\local settings\application data\eiuom.exe" eiuom O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [java_sun] Java (Sun) O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll O20 - Winlogon Notify: clldvy - clldvy.dll (file missing) O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe O23 - Service: bevtservice - Unknown owner - C:\WINDOWS\System32\bEvtService.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 11176 bytes Maintenant que dois je faire pour revenir à la normale. Merci Patoune
×
×
  • Créer...