
Posted (edited)

Hello! Here are the other two reports:

 

Malwarebytes' Anti-Malware 1.33

Version de la base de données: 1658

Windows 5.1.2600 Service Pack 2

 

17/01/2009 09:04:56

mbam-log-2009-01-17 (09-04-56).txt

 

Type de recherche: Examen complet (C:\|E:\|F:\|G:\|)

Eléments examinés: 273816

Temps écoulé: 3 hour(s), 53 minute(s), 25 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 5

Clé(s) du Registre infectée(s): 26

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 5

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 142

 

Processus mémoire infecté(s):

C:\Documents and Settings\Marc\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

C:\WIN2\system32\ljJCuVpp.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WIN2\system32\pjmdbayt.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WIN2\system32\fecaffebbcf.dll (Worm.AutoRun) -> Delete on reboot.

C:\WIN2\system32\geBuTLFW.dll (Trojan.Vundo) -> Delete on reboot.

C:\WIN2\system32\yrxcux.dll (Trojan.Vundo) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72e1ce89-5b79-4eac-9332-f822714d6597} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{72e1ce89-5b79-4eac-9332-f822714d6597} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0aee132-d497-4136-beea-acd6e58daf84} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{d0aee132-d497-4136-beea-acd6e58daf84} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fecaffebbcf (Worm.AutoRun) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebutlfw (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0aee132-d497-4136-beea-acd6e58daf84} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72e1ce89-5b79-4eac-9332-f822714d6597} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7402b206-67d6-4750-824f-1aa47afb07fc} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7402b206-67d6-4750-824f-1aa47afb07fc} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bc20276b (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nt_authority (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\win2\system32\ljjcuvpp -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\win2\system32\ljjcuvpp -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind (Hijack.Find) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WIN2\system32\yrxcux.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WIN2\system32\ljJCuVpp.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WIN2\system32\ppVuCJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WIN2\system32\ppVuCJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WIN2\system32\pcmlfjhn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WIN2\system32\nhjflmcp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WIN2\system32\pjmdbayt.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WIN2\system32\tyabdmjp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WIN2\system32\fecaffebbcf.dll (Worm.AutoRun) -> Delete on reboot.

C:\WIN2\system32\geBuTLFW.dll (Trojan.Vundo) -> Delete on reboot.

C:\WIN2\system32\spria.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WIN2\system32\TDSScbqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WIN2\system32\TDSSnrse.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WIN2\system32\TDSSoiqh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WIN2\system32\TDSSosvn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\Propriétaire\Bureau\asx-pop3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WIN2\system32\597c487e1202ca525ed5132fef57e6e0.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WIN2\system32\_597c487e1202ca525ed5132fef57e6e0.sys_.vir (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WIN2\system32\dbfcqvlq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WIN2\system32\obxewulu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WIN2\system32\qszfpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WIN2\system32\drivers\59e4147a.sys (Rootkit.Agent) -> Delete on reboot.

C:\System Volume Information\_restore{D4C5FF86-F14E-4DE8-9045-6AF03EFE64A7}\RP67\A0019842.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D4C5FF86-F14E-4DE8-9045-6AF03EFE64A7}\RP67\A0019843.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D4C5FF86-F14E-4DE8-9045-6AF03EFE64A7}\RP67\A0019844.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D4C5FF86-F14E-4DE8-9045-6AF03EFE64A7}\RP67\A0019845.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{376D3382-5BEE-4430-B02D-7271D565B820}\RP4\A0000251.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\04. Kenshiro ft. Shuko - 974 pou lo chien denis.mp3 - Media Player Classic.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\05. Konix - Dancehall guine.mp3 - Media Player Classic.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\15. Chien Denis Crew - Hip Hop de l'est.mp3 - Media Player Classic.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Achat boucles d'oreilles fantaisie, achat bijoux fantaisie - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Ad-Aware SE Personal.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Ajouter ou supprimer des programmes.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\ALBUM D'OR DE LA DISCOTHEQUE.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Alternative a MSN - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\arktos.se - MeBoy - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Avira AntiVir Personal - Free Antivirus Updater.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Avira AntiVir Personal - Free Antivirus.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Bienvenue sur votre panneau de contrôle - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\BIJOUX ET MONTRES EN GROS A PETITS PRIX.... - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\BIJOUX FANTAISIE EN LOT - - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Bijoux, collier de perles collier coeur en nacre etoiles en nacre - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Call of Duty 2.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Centre de sécurité Windows.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\CHIEN DENIS CREW - Un message pou toute band ceguess.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Colliers Fantaisie en Lot - - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\combofix - Recherche Google - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\ComboFix renommé au téléchargement - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\combofix téléchargeable [Résolu] - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\commandes Options des dossiers, rechercher, executer disparu - Forums Zebulon.fr - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\commandes Options des dossiers, rechercher, executer disparu - Forums Zebulon.fr - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Connexion - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\dailymotion - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Download Pidgin, the universal chat client - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Dr.Web CureIt - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Dr.WEB CureIt! Download - Softpedia - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\easy bootik - Recherche Google - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\easybootik grossiste bijoux - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\easybootik grossiste bijoux fantaisie - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Erreur de chargement de la page - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Erreur de téléchargement.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Erreur! - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Fin du programme - Télécharger le logiciel Java de Sun Microsystems - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Formulaire d'inscription - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Formulaire mot de passe perdu - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Forum CaptaiNaruto • Voir le sujet - [images & scripts] Chapitre 431 - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\forum sécurité - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Forums Zebulon.fr - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Fournisseur et grossiste de bijoux fantaisie, vente bijoux fantaisies - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Google - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\grossiste bijoux - Recherche Google - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\grossiste colliers nacres et perles - Recherche Google - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Grossiste en bijoux fantaisie, bijoux pour homme femmes enfants et accessoires de mode - - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\hijackthis - Bloc-notes.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Identification Zebulon.fr - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Inscription terminée - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Installation de Java - Progression.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Installation de Java.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Instructions pour le téléchargement et l'installation manuels de l'environnement d'exécution Java (JRE) pour Windows - 6.0 - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\jeux mobile gratuit - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Jeux mobile gratuit.com - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\jeux pokemon lol - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\jeux pokemon sur mobile - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\just - FreeCommander.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\LaTribune.fr - Journal Quotidien boursier, économique et financier - Actualité et information bourse, finance et économie - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Lecteur Windows Media.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\LG KS360, pour rester connecté avant tout - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\malwarebyte - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\MEGAUPLOAD - Le leader en stockage et livraison de fichiers - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\meilleur antivirus gratuit - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Merci de patienter... - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Message des forums - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Microsoft Internet Explorer.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Mobilegame - FreeCommander.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\MSN Web Messenger - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\NOD32 France - Importateur Officiel - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\OnlyPlanet - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Options dossiers, rechercher et executer disparu , lenteur du pc - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Page blanche - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\paramétrage LG KS360 - Autres mobiles et équipements - Entraide mobiles - Forums Orange - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\paris turf - Recherche Google - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\partants et pronostic tiercé quarté quinté gratuit du jour - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Parures de bijoux fantaisie - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\pc infecté - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Physique quantique - Wikipédia - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Poste de travail.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Pré-nettoyage d'un PC infecté - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Résultats de la recherche - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Sans titre - Bloc-notes.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Speed Dial - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\svschost.exe et smss.exe infectés - Forums Zebulon.fr - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Sécurité Privée FORUM - Portail - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\TB - Bloc-notes.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Transferts - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\TURFOMANIA - Pour gagner plus souvent aux courses pmu - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\TURFOMANIA - turf, courses pmu, pronostics, tiercé, quinté & résultats - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Télécharge le fichier aliensafar_lydz6akp.jar.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Téléchargement de Malwarebytes' Anti-Malware (gratuit) - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Téléchargement du programme d'installation de Java.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Téléchargement en cours....exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Télécharger le logiciel Java de Sun Microsystems - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\vente en ligne de bijoux fantaisie - Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\VIP world news - Microsoft Internet Explorer.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Windows Live Hotmail - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Windows Live Messenger.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\zebulon - Recherche Google - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\[KLF]_Stranger_Mukoh_Hadan_Movie_DVD_Vostfr.avi - Media Player Classic.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\[mythes] PC infecté dans les 5 premières minutes d'Internet - La solution - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\[Tuto]jouer à pokemon sur son portable - Blabla 15-18 ans sur JeuxVideo.com - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Écriture d'un nouveau sujet - Forums Zebulon.fr - Opera.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Application Data.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Enregistrer sous.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Exécution automatique.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\FUTUR KREW.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Malwarebytes' Anti-Malware.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Menu Démarrer.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Mozilla Firefox.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\Program Manager.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marc\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:15:35, on 17/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WIN2\System32\smss.exe

C:\WIN2\system32\winlogon.exe

C:\WIN2\system32\services.exe

C:\WIN2\system32\lsass.exe

C:\WIN2\system32\svchost.exe

C:\WIN2\System32\svchost.exe

C:\WIN2\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WIN2\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WIN2\System32\PnkBstrA.exe

C:\WIN2\system32\RUNDLL32.EXE

C:\WIN2\Inf\smss.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif

C:\WIN2\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN2\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [FrameWorkService] C:\WIN2\Inf\smss.exe I'm so ugly, I hate myself and I want to die

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [NT_Authority] C:\Documents and Settings\Marc\Application Data\lsass.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN2\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN2\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dos Optimizer.pif

O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WIN2\System32\PnkBstrA.exe

 

--

End of file - 3167 bytes

 

 

PS: this isn't the first time I've been told about that on this forum, but it's been a while since I downloaded anything (because of my internet connection), and anyway the first one isn't a crack, it's the name of a mobile-phone game, and the second one is probably a crack, I'm not really sure; well, my external drive isn't clean either where that sort of thing is concerned... Anyway, I still get AntiVir alerts detecting threats, often the same ones; I click delete but I don't think it does much. Run, Search and Folder Options are back, but Task Manager still closes as soon as I try to open it...

I don't think it's over yet, but thank you so much for the attention you're giving me...

 

PS 2: I spoke too soon; Folder Options, Run and Search have disappeared again...

Edited by Rekin

Posted (edited)

Hello,

 

 

Well, as for the cracks, I'm not moralising, just doing my job of keeping you informed.

 

You have a funny line in the log (I hate myself....)

 

 

 

Run HijackThis again with Do a system scan only and tick the boxes in front of the following lines. ON VISTA: right-click HijackThis / Run as administrator!

 

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [FrameWorkService] C:\WIN2\Inf\smss.exe I'm so ugly, I hate myself and I want to die

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [NT_Authority] C:\Documents and Settings\Marc\Application Data\lsass.exe

 

 

Close all open applications and browsers, then click Fix Checked.

 

Download ATF Cleaner by Atribune.

  • Install it on the desktop. (Keep it: it is very useful after every browsing session.)
     
    Double-click ATF-Cleaner.exe to launch the program.
    --> On Vista: right-click / Run as administrator.
    Still on VISTA: untick the Prefetch box (normally greyed out).
    Under the Main tab, choose: Select All
    Click the Empty Selected button

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit from the main menu to close the program.

For technical support, double-click the e-mail address at the bottom of each menu.

 

Make sure your Java console is the most recent one; to find out, go to this page and click Verify Java version -> http://www.java.com/fr/download/installed.jsp -> It will tell you whether you need to install the latest version.

If you install a new Java version, uninstall all the older ones via Add/Remove Programs.

 

Run an online scan with Kaspersky.

 

TUTORIAL: http://www.vista-xp.fr/forum/topic109.html

 

  • Run a Kaspersky online scan
  • Click Accept
  • Wait while the Webscanner installs.
  • The update databases will be installed; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

 

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop, name the report "rapport Kaspersky", and in the save-as-type field choose "text files", then save the report.

 

Copy/paste the entire text file that opens: right-click on it, Select All / Copy.

 

Paste this report in your reply on the forum.

 

 

EDIT: Before launching the Kaspersky scan, remove the tools, otherwise we'll get 36,000 detections :P

 

Go to Start/Run, copy-paste the following command, then click OK:

 

 

"%userprofile%\Bureau\Rekin.exe" /u

 

 

That will uninstall ComboFix, delete the System Restore points (which are infected) and restore Windows' default security settings.

 

To uninstall the tools that were used:

 

Download ToolsCleaner! by A.Rothstein to remove the programs used during the procedure.

http://pc-system.fr/TC/ToolsCleaner2.exe

* Save ToolsCleaner2.exe to the Desktop.

On Vista, right-click > Run as Administrator

* Double-click it, then click Recherche --> The program will look for the utilities installed

------> The window may turn blank during the scan; that's normal!

* Copy-paste the contents of the report that appears in the blank window.

 

When the search is finished, ToolsCleaner displays a list of the tools found; click "Suppression" to delete them.

Close the program by clicking "Quitter".

 

Post the report, which is located here >>> C:\TCleaner.txt

 

@++

Edited by Apollo
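Two of the four HijackThis lines Apollo asks to fix share one pattern: a core Windows process name (smss.exe, lsass.exe) started from somewhere other than System32, in one case from the user's Application Data folder and in the other with free text trailing the path. The script below is an added example, not code from either poster or from HijackThis, that applies that check automatically to the "Running processes" block and the O4 Run entries of a HijackThis v2 log. The sample log is constructed from shortened lines of the log above; the system root C:\WIN2 is read off that log rather than detected, and the reserved-name list and the user-data path markers are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the log above (shortened; not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WIN2\System32\smss.exe
C:\WIN2\system32\lsass.exe
C:\WIN2\Inf\smss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FrameWorkService] C:\WIN2\Inf\smss.exe I'm so ugly, I hate myself and I want to die
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NT_Authority] C:\Documents and Settings\Marc\Application Data\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN2\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Dos Optimizer.pif
"""

# Assumed list: core Windows process names that legitimately live only under
# %SystemRoot%\System32 (explorer.exe sits in %SystemRoot% itself).
RESERVED_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Assumed list: per-user writable locations a Run value should not normally point into.
USER_DATA_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A quoted path, or the shortest prefix ending in an executable extension; the rest is arguments.
EXE_RE = re.compile(r'^(?P<path>"[^"]+"|.*?\.(?:exe|dll|pif|com|scr|bat|cmd))\s*(?P<args>.*)$', re.I)
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)$")   # HijackThis' "(User 'SYSTEM')" annotation


@dataclass
class Finding:
    source: str                 # "process" or the Run value name
    path: str
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (path, args) for a Run value's command line; ('', cmd) if no executable is found."""
    cmd = USER_TAG_RE.sub("", cmd.strip())
    m = EXE_RE.match(cmd)
    if not m:
        return "", cmd
    return m.group("path").strip('"'), m.group("args").strip()


def check_path(path: str, system_root: str) -> list:
    """Heuristic checks on one executable path; returns the reasons it looks odd (empty = none)."""
    reasons = []
    low = path.lower()
    directory, _, basename = low.rpartition("\\")
    sysroot = system_root.lower()
    allowed = {sysroot + "\\system32"} | ({sysroot} if basename == "explorer.exe" else set())
    if basename in RESERVED_NAMES and directory not in allowed:
        reasons.append(f"system process name '{basename}' outside {system_root}\\System32")
    if any(marker in low for marker in USER_DATA_MARKERS):
        reasons.append("executable launched from a per-user data directory")
    return reasons


def triage(log_text: str, system_root: str = "C:\\WIN2") -> list:
    """Walk the log once; return a Finding for every suspicious running process or O4 Run entry."""
    findings = []
    in_processes = False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the process block
                in_processes = False
                continue
            reasons = check_path(line, system_root)
            if reasons:
                findings.append(Finding("process", line, reasons))
            continue
        m = O4_RE.match(line)
        if not m:
            continue                          # R0/R1, O9, O23 and Startup lines are not handled here
        path, args = split_command(m.group("cmd"))
        reasons = check_path(path, system_root) if path else ["no recognisable executable in command line"]
        # Trailing text that is neither a switch nor a rundll32 DLL target is out of place in a Run value.
        if args and not args.startswith(("/", "-")) and not path.lower().endswith("rundll32.exe"):
            reasons.append(f"unusual trailing command-line text: {args!r}")
        if reasons:
            findings.append(Finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}")
        for r in f.reasons:
            print("   -", r)
```

On the sample, the script flags the running C:\WIN2\Inf\smss.exe, the FrameWorkService entry (wrong directory plus free text) and the NT_Authority entry (wrong directory plus Application Data), and passes the Avira, MSN Messenger, rundll32 and CTFMON entries. It is a first-pass filter, not a verdict: a flagged line still needs the file itself examined, and legitimate entries such as msnmsgr (which Apollo also removed, for other reasons) will not be caught by it.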