Grosse galère, je n'arrive pas à supprimer le trojan win32/rbot.ge

kintaro37 · le 22 novembre 2009

Bonjour à tous,

Je galère à mort pour éradiquer une saloperie de trojan.

A chaque demarrage de Windows, Windows Defender détecte et alerte sur : Backdoor:Win32/Rbot.gen

Depuis ce matin, j'ai passé des heures et des heures à installer différents antimalwares, et scanner mon disque. A chaque fois, rien n'est détecté. Et pourtant, à chaque démarrage, la même alerte windows.

J'ai regardé sur internet, ce trojan a l'air assez méchant.

Je ne sais pas du tout comment faire pour le supprimer.

Ca serait vraiment super sympa de jeter un coup d'oeil à mon log hijackthis :

MERCI!!!!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:13:16, on 22/11/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16916)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\sttray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&cli...amp;ibd=1080312

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&cli...amp;ibd=1080312

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bird For] "C:\ProgramData\corn nurb nurb.jqzamui"

O4 - HKLM\..\Run: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe

O4 - HKLM\..\Run: [EnableDCOM] N

O4 - HKLM\..\Run: [restrictanonymous]

O4 - HKLM\..\Run: [restrictanonymoussam]

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunServices: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O13 - Gopher Prefix:

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...r/wlscctrl2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8361 bytes

chrifleur · le 22 novembre 2009

bonjour et bienvenue

Désactive tes protections résidentes (Antivirus, ...) tu les réactivera après le scan

Télécharge Lop S&D < ici

Double-clique sur Lop S&D.exe présent sur ton bureau

Séléctionne la langue souhaitée, puis choisis l'Option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (%SystemDrive%\lopR.txt)

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

kintaro37 · le 22 novembre 2009

Salut Chrifleur,

Merci de m'avoir répondu c'est sympa d'essayer de me tirer de mon mauvais pas !!

Voici le log que tu as demandé :

Il y a juste Malwarebytes qui a tourné pendant ce temps (un scan super long qui a demarré depuis très longtemps et que je voulais finir) et Windows Defender (le truc par defaut dans Vista)

Si c'est problématique dis moi et je referai un nouveau scan en désactivant ces trucs.

Et merci encore !

____________________________

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T7200 @ 2.00GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06

USER : A ( Administrator )

BOOT : Normal boot

Firewall : McAfee Personal Firewall (Activated)

C:\ (Local Disk) - NTFS - Total:136 Go (Free:29 Go)

D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)

E:\ (CD or DVD)

G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 22/11/2009|15:14 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[07/03/2009|11:27] C:\Users\A\AppData\Local\2DBoy

[19/04/2008|17:42] C:\Users\A\AppData\Local\Adobe

[06/08/2008|19:08] C:\Users\A\AppData\Local\Ahead

[17/10/2009|10:10] C:\Users\A\AppData\Local\Apple

[14/03/2008|19:23] C:\Users\A\AppData\Local\Application Data

[25/07/2009|12:42] C:\Users\A\AppData\Local\CAPCOM

[26/08/2008|07:24] C:\Users\A\AppData\Local\d3d9caps.dat

[18/11/2009|00:12] C:\Users\A\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[22/11/2009|11:44] C:\Users\A\AppData\Local\Downloaded Installations

[30/07/2009|19:37] C:\Users\A\AppData\Local\eMule

[09/06/2008|08:38] C:\Users\A\AppData\Local\Flickr

[08/03/2009|09:44] C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT

[25/07/2009|11:01] C:\Users\A\AppData\Local\Google

[14/03/2008|19:23] C:\Users\A\AppData\Local\History

[22/11/2009|14:29] C:\Users\A\AppData\Local\IconCache.db

[30/03/2008|09:53] C:\Users\A\AppData\Local\MediaDirect

[22/11/2009|11:52] C:\Users\A\AppData\Local\Microsoft

[30/07/2008|16:14] C:\Users\A\AppData\Local\Microsoft Games

[14/03/2008|19:32] C:\Users\A\AppData\Local\MigWiz

[14/03/2008|20:31] C:\Users\A\AppData\Local\Mozilla

[06/08/2008|19:05] C:\Users\A\AppData\Local\Nero

[01/04/2008|20:13] C:\Users\A\AppData\Local\Oblivion

[21/11/2009|12:22] C:\Users\A\AppData\Local\PackageAware

[29/03/2008|22:41] C:\Users\A\AppData\Local\Powercinema

[14/03/2008|22:04] C:\Users\A\AppData\Local\Real

[14/03/2008|22:10] C:\Users\A\AppData\Local\SupportSoft

[22/11/2009|15:12] C:\Users\A\AppData\Local\Temp

[14/03/2008|19:23] C:\Users\A\AppData\Local\Temporary Internet Files

[16/03/2008|13:34] C:\Users\A\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[22/11/2009 13:24][--a------] C:\Windows\tasks\ParetoLogic Registration.job

[16/08/2009 03:31][--a------] C:\Windows\tasks\Driver Robot.job

[22/11/2009 14:51][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000UA.job

[21/11/2009 22:51][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000Core.job

[22/11/2009 14:30][--ah-----] C:\Windows\tasks\SA.DAT

[22/11/2009 14:29][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[05/10/2009|22:00] C:\ProgramData\_Temp

[21/11/2009|12:23] C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09}

[07/03/2009|11:27] C:\ProgramData\2DBoy

[10/11/2009|14:54] C:\ProgramData\Adobe

[17/10/2009|10:10] C:\ProgramData\Apple

[17/10/2009|10:11] C:\ProgramData\Apple Computer

[14/03/2008|19:23] C:\ProgramData\Application Data

[15/11/2009|12:17] C:\ProgramData\corn nurb nurb.h9e1qb1

[15/11/2009|12:17] C:\ProgramData\corn nurb nurb.jqzamui

[12/03/2008|03:11] C:\ProgramData\CyberLink

[20/11/2009|20:31] C:\ProgramData\DAEMON Tools Lite

[14/03/2008|22:20] C:\ProgramData\Dell

[14/03/2008|19:23] C:\ProgramData\Desktop

[14/03/2008|19:23] C:\ProgramData\Documents

[15/03/2008|00:18] C:\ProgramData\eMule

[14/03/2008|19:23] C:\ProgramData\Favorites

[10/02/2009|19:46] C:\ProgramData\Google

[12/03/2008|02:59] C:\ProgramData\InstallShield

[22/11/2009|11:06] C:\ProgramData\Malwarebytes

[15/08/2009|15:05] C:\ProgramData\McAfee

[15/11/2009|12:17] C:\ProgramData\mfcdlist

[17/01/2009|11:02] C:\ProgramData\Microsoft

[06/08/2008|19:28] C:\ProgramData\Nero

[20/11/2009|20:34] C:\ProgramData\ntuser.pol

[15/08/2009|21:56] C:\ProgramData\NVIDIA

[22/11/2009|14:31] C:\ProgramData\nvModes.001

[22/11/2009|14:31] C:\ProgramData\nvModes.dat

[22/11/2009|13:38] C:\ProgramData\ParetoLogic

[14/03/2008|22:04] C:\ProgramData\Real

[01/04/2008|18:31] C:\ProgramData\Roxio

[12/03/2008|03:01] C:\ProgramData\Sonic

[22/11/2009|12:57] C:\ProgramData\Spybot - Search & Destroy

[21/11/2009|12:23] C:\ProgramData\Stardock

[14/03/2008|19:23] C:\ProgramData\Start Menu

[22/11/2009|11:14] C:\ProgramData\SUPERAntiSpyware.com

[12/03/2008|03:08] C:\ProgramData\SupportSoft

[22/11/2009|14:38] C:\ProgramData\TEMP

[14/03/2008|19:23] C:\ProgramData\Templates

[05/05/2008|21:55] C:\ProgramData\ZoomBrowser

--------------------\\ Listing des dossiers dans C:\Program Files

[20/11/2009|23:18] C:\Program Files\1C Company

[02/05/2009|17:00] C:\Program Files\AC3Filter

[16/03/2009|16:48] C:\Program Files\Adobe

[15/08/2009|21:50] C:\Program Files\AGEIA Technologies

[15/08/2009|22:27] C:\Program Files\Alcohol 120

[17/10/2009|10:10] C:\Program Files\Apple Software Update

[22/11/2009|14:08] C:\Program Files\a-squared Free

[25/08/2009|18:14] C:\Program Files\AviSynth 2.5

[12/03/2008|02:55] C:\Program Files\Broadcom

[17/03/2008|22:13] C:\Program Files\Canon

[22/11/2009|11:45] C:\Program Files\Common Files

[12/03/2008|02:39] C:\Program Files\CONEXANT

[11/08/2008|18:58] C:\Program Files\coolsitemapper

[12/03/2008|03:11] C:\Program Files\CyberLink

[20/11/2009|20:32] C:\Program Files\DAEMON Tools Lite

[12/03/2008|03:11] C:\Program Files\Dell

[12/03/2008|03:08] C:\Program Files\Dell Support Center

[17/10/2009|14:18] C:\Program Files\Diablo II

[12/03/2008|02:58] C:\Program Files\Digital Line Detect

[28/02/2004|11:06] C:\Program Files\directx

[11/01/2009|10:44] C:\Program Files\Driver NVIDIA

[23/07/2009|05:41] C:\Program Files\Dropbox

[25/08/2009|18:13] C:\Program Files\Easy DVD Creator

[15/08/2009|20:59] C:\Program Files\EasyCleaner

[10/05/2008|13:34] C:\Program Files\EasyPHP 2.0b1

[16/03/2008|11:02] C:\Program Files\eMule

[31/08/2008|16:50] C:\Program Files\ExplorerView

[14/03/2008|21:59] C:\Program Files\FastStone Image Viewer

[14/03/2008|22:05] C:\Program Files\FastStone Photo Resizer

[31/08/2008|08:12] C:\Program Files\FileZilla FTP Client

[12/06/2009|21:29] C:\Program Files\Flickr Uploadr

[24/08/2008|14:24] C:\Program Files\foobar2000

[08/04/2008|19:05] C:\Program Files\FreeMind

[25/08/2009|18:14] C:\Program Files\Haali

[22/11/2009|14:41] C:\Program Files\HijackThis

[21/11/2009|12:23] C:\Program Files\Impulse

[21/11/2009|13:29] C:\Program Files\Indie Games

[20/11/2009|22:42] C:\Program Files\InfraRecorder

[15/08/2009|14:57] C:\Program Files\InstallShield Installation Information

[17/10/2009|10:12] C:\Program Files\Internet Explorer

[14/03/2008|22:02] C:\Program Files\IZArc

[30/08/2009|21:15] C:\Program Files\Java

[14/03/2008|22:04] C:\Program Files\K-Lite Codec Pack

[09/04/2008|19:00] C:\Program Files\Maguma Open Studio

[22/11/2009|14:39] C:\Program Files\Malwarebytes' Anti-Malware

[02/05/2009|16:55] C:\Program Files\Media Player Classic

[15/11/2009|12:17] C:\Program Files\mfcdlist

[02/11/2006|12:37] C:\Program Files\Microsoft Games

[19/02/2009|18:29] C:\Program Files\Microsoft Games for Windows - LIVE

[07/04/2008|19:35] C:\Program Files\Microsoft Office

[25/09/2009|00:04] C:\Program Files\Microsoft Silverlight

[08/07/2008|12:34] C:\Program Files\Microsoft Works

[12/03/2008|02:57] C:\Program Files\Modem Diagnostic Tool

[25/04/2009|16:12] C:\Program Files\Mount&Blade

[25/08/2009|18:14] C:\Program Files\Movie DVD Maker

[02/11/2006|12:42] C:\Program Files\Movie Maker

[22/11/2009|14:37] C:\Program Files\Mozilla Firefox

[14/03/2009|18:48] C:\Program Files\Mozilla Firefox3

[12/03/2009|15:40] C:\Program Files\MSBuild

[02/11/2006|12:37] C:\Program Files\MSN

[14/03/2008|19:54] C:\Program Files\MSXML 4.0

[12/03/2008|02:56] C:\Program Files\NetWaiting

[09/04/2008|19:07] C:\Program Files\Notepad++

[15/08/2009|22:09] C:\Program Files\Photo Story 3 for Windows

[07/03/2011|09:31] C:\Program Files\PowerISO

[27/05/2008|20:01] C:\Program Files\ProtectDisc Driver Installer

[17/10/2009|10:12] C:\Program Files\QuickTime

[12/03/2009|15:40] C:\Program Files\Reference Assemblies

[12/03/2008|02:54] C:\Program Files\SigmaTel

[22/11/2009|12:57] C:\Program Files\Spybot - Search & Destroy

[21/11/2009|12:22] C:\Program Files\Steam

[25/07/2009|12:33] C:\Program Files\StreetFighterIV

[22/11/2009|13:39] C:\Program Files\SUPERAntiSpyware

[12/03/2008|10:33] C:\Program Files\Synaptics

[15/08/2009|21:12] C:\Program Files\SystemRequirementsLab

[29/10/2009|21:33] C:\Program Files\Torchlight

[02/11/2006|13:01] C:\Program Files\Uninstall Information

[20/11/2009|22:18] C:\Program Files\VirtualCloneDrive

[08/06/2009|20:07] C:\Program Files\VLC

[15/03/2008|10:11] C:\Program Files\Winamp

[04/01/2009|10:51] C:\Program Files\Winamp5

[12/03/2008|10:27] C:\Program Files\Windows Calendar

[12/03/2008|10:23] C:\Program Files\Windows Defender

[02/11/2006|12:42] C:\Program Files\Windows Journal

[22/11/2009|11:52] C:\Program Files\Windows Live Safety Center

[14/03/2008|20:15] C:\Program Files\Windows Mail

[15/08/2009|14:49] C:\Program Files\Windows Media Player

[02/11/2006|12:37] C:\Program Files\Windows NT

[02/11/2006|12:42] C:\Program Files\Windows Photo Gallery

[14/03/2008|20:15] C:\Program Files\Windows Sidebar

[08/02/2009|19:52] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[08/07/2008|12:40] C:\Program Files\Common Files\ACD Systems

[09/11/2009|20:00] C:\Program Files\Common Files\Adobe

[17/10/2009|10:11] C:\Program Files\Common Files\Apple

[19/08/2008|20:04] C:\Program Files\Common Files\Blizzard Entertainment

[11/08/2008|18:58] C:\Program Files\Common Files\Borland Shared

[17/03/2008|22:12] C:\Program Files\Common Files\Canon

[07/04/2008|19:35] C:\Program Files\Common Files\Designer

[12/03/2008|02:59] C:\Program Files\Common Files\InstallShield

[12/03/2008|02:53] C:\Program Files\Common Files\Java

[15/08/2009|22:09] C:\Program Files\Common Files\microsoft shared

[06/08/2008|19:28] C:\Program Files\Common Files\Nero

[22/11/2009|13:38] C:\Program Files\Common Files\ParetoLogic

[01/04/2008|18:31] C:\Program Files\Common Files\Roxio Shared

[02/11/2006|11:18] C:\Program Files\Common Files\Services

[25/08/2009|18:14] C:\Program Files\Common Files\SourceTec

[02/11/2006|11:18] C:\Program Files\Common Files\SpeechEngines

[15/08/2009|22:07] C:\Program Files\Common Files\Steam

[12/03/2008|03:08] C:\Program Files\Common Files\supportsoft

[12/03/2008|10:32] C:\Program Files\Common Files\System

[22/11/2009|13:39] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 56 Processes )

iexplore.exe ~ [PID:3520]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\corn nurb nurb.h9e1qb1

C:\ProgramData\corn nurb nurb.jqzamui

C:\ProgramData\mfcdlist

C:\ProgramData\mfcdlist\Hearttwo.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies\a@install.torrentspeeder[2].txt

C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies\a@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\joy 32 inter]

"DisplayName"="CiD Help"

"UninstallString"="C:\\PROGRA~2\\mfcdlist\\Hearttwo.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bird For"="\"C:\\ProgramData\\corn nurb nurb.jqzamui\""

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-22 15:14:56

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\A\AppData\Roaming\uTorrent\Mount & Blade 1.011 Crack.torrent

C:\Users\A\AppData\Roaming\uTorrent\RISE.OF.NATIONS.RISE.OF.LEGENDS-NoCd Crack.torrent

C:\Users\A\AppData\Roaming\uTorrent\Titan Quest + Immortal Throne + Patch + Crack.torrent

[F:23][D:126]-> C:\Users\A\AppData\Local\Temp

[F:172][D:1]-> C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies

[F:321][D:4]-> C:\Users\A\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:9][D:5]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 22/11/2009|15:18 - Option : [1]

--------------------\\ Fin du rapport a 15:18:07

[ UAC => 1 ]

bonjour et bienvenue
Désactive tes protections résidentes (Antivirus, ...) tu les réactivera après le scan

Télécharge Lop S&D < ici

Double-clique sur Lop S&D.exe présent sur ton bureau

Séléctionne la langue souhaitée, puis choisis l'Option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (%SystemDrive%\lopR.txt)

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

chrifleur · le 22 novembre 2009

Double-clique sur le raccourci de lop S&Det choisis l'option 2. Cela va supprimer l'infection et provoquer une réinitialisation du fichier hosts.
A la fin de la suppression, une recherche sera re-lancée.
Le bloc-note s'ouvre. Edite son contenu dans ta prochaine réponse.

Modifié le 22 novembre 2009 par chrifleur

kintaro37 · le 22 novembre 2009

Double-clique sur le raccourci de lop S&Det choisis l'option 2. Cela va supprimer l'infection et provoquer une réinitialisation du fichier hosts.

A la fin de la suppression, une recherche sera re-lancée.

Le bloc-note s'ouvre. Edite son contenu dans ta prochaine réponse.

Ok, voici donc le log que tu as demandé, suite à l'action 2 :

Qu'en penses-tu ?

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T7200 @ 2.00GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06

USER : A ( Administrator )

BOOT : Normal boot

Firewall : McAfee Personal Firewall (Activated)

C:\ (Local Disk) - NTFS - Total:136 Go (Free:29 Go)

D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)

E:\ (CD or DVD)

G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 22/11/2009|17:03 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies\a@install.torrentspeeder[2].txt

Supprime! - C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies\a@adopt.euroclick[2].txt

Supprime! - C:\ProgramData\corn nurb nurb.h9e1qb1

Supprime! - C:\ProgramData\corn nurb nurb.jqzamui

-

[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[07/03/2009|11:27] C:\Users\A\AppData\Local\2DBoy

[19/04/2008|17:42] C:\Users\A\AppData\Local\Adobe

[06/08/2008|19:08] C:\Users\A\AppData\Local\Ahead

[17/10/2009|10:10] C:\Users\A\AppData\Local\Apple

[14/03/2008|19:23] C:\Users\A\AppData\Local\Application Data

[25/07/2009|12:42] C:\Users\A\AppData\Local\CAPCOM

[26/08/2008|07:24] C:\Users\A\AppData\Local\d3d9caps.dat

[18/11/2009|00:12] C:\Users\A\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[22/11/2009|11:44] C:\Users\A\AppData\Local\Downloaded Installations

[30/07/2009|19:37] C:\Users\A\AppData\Local\eMule

[09/06/2008|08:38] C:\Users\A\AppData\Local\Flickr

[08/03/2009|09:44] C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT

[25/07/2009|11:01] C:\Users\A\AppData\Local\Google

[14/03/2008|19:23] C:\Users\A\AppData\Local\History

[22/11/2009|16:45] C:\Users\A\AppData\Local\IconCache.db

[30/03/2008|09:53] C:\Users\A\AppData\Local\MediaDirect

[22/11/2009|11:52] C:\Users\A\AppData\Local\Microsoft

[30/07/2008|16:14] C:\Users\A\AppData\Local\Microsoft Games

[14/03/2008|19:32] C:\Users\A\AppData\Local\MigWiz

[14/03/2008|20:31] C:\Users\A\AppData\Local\Mozilla

[06/08/2008|19:05] C:\Users\A\AppData\Local\Nero

[01/04/2008|20:13] C:\Users\A\AppData\Local\Oblivion

[21/11/2009|12:22] C:\Users\A\AppData\Local\PackageAware

[29/03/2008|22:41] C:\Users\A\AppData\Local\Powercinema

[14/03/2008|22:04] C:\Users\A\AppData\Local\Real

[14/03/2008|22:10] C:\Users\A\AppData\Local\SupportSoft

[22/11/2009|17:03] C:\Users\A\AppData\Local\Temp

[14/03/2008|19:23] C:\Users\A\AppData\Local\Temporary Internet Files

[22/11/2009|16:46] C:\Users\A\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[22/11/2009 13:24][--a------] C:\Windows\tasks\ParetoLogic Registration.job

[16/08/2009 03:31][--a------] C:\Windows\tasks\Driver Robot.job

[22/11/2009 16:51][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000UA.job

[21/11/2009 22:51][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000Core.job

[22/11/2009 16:46][--ah-----] C:\Windows\tasks\SA.DAT

[22/11/2009 16:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[05/10/2009|22:00] C:\ProgramData\_Temp

[21/11/2009|12:23] C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09}

[07/03/2009|11:27] C:\ProgramData\2DBoy

[10/11/2009|14:54] C:\ProgramData\Adobe

[17/10/2009|10:10] C:\ProgramData\Apple

[17/10/2009|10:11] C:\ProgramData\Apple Computer

[14/03/2008|19:23] C:\ProgramData\Application Data

[12/03/2008|03:11] C:\ProgramData\CyberLink

[20/11/2009|20:31] C:\ProgramData\DAEMON Tools Lite

[14/03/2008|22:20] C:\ProgramData\Dell

[14/03/2008|19:23] C:\ProgramData\Desktop

[14/03/2008|19:23] C:\ProgramData\Documents

[15/03/2008|00:18] C:\ProgramData\eMule

[14/03/2008|19:23] C:\ProgramData\Favorites

[10/02/2009|19:46] C:\ProgramData\Google

[12/03/2008|02:59] C:\ProgramData\InstallShield

[22/11/2009|11:06] C:\ProgramData\Malwarebytes

[15/08/2009|15:05] C:\ProgramData\McAfee

[22/11/2009|16:41] C:\ProgramData\mfcdlist

[17/01/2009|11:02] C:\ProgramData\Microsoft

[06/08/2008|19:28] C:\ProgramData\Nero

[20/11/2009|20:34] C:\ProgramData\ntuser.pol

[15/08/2009|21:56] C:\ProgramData\NVIDIA

[22/11/2009|16:46] C:\ProgramData\nvModes.001

[22/11/2009|14:31] C:\ProgramData\nvModes.dat

[22/11/2009|13:38] C:\ProgramData\ParetoLogic

[14/03/2008|22:04] C:\ProgramData\Real

[01/04/2008|18:31] C:\ProgramData\Roxio

[12/03/2008|03:01] C:\ProgramData\Sonic

[22/11/2009|12:57] C:\ProgramData\Spybot - Search & Destroy

[21/11/2009|12:23] C:\ProgramData\Stardock

[14/03/2008|19:23] C:\ProgramData\Start Menu

[22/11/2009|11:14] C:\ProgramData\SUPERAntiSpyware.com

[12/03/2008|03:08] C:\ProgramData\SupportSoft

[22/11/2009|17:03] C:\ProgramData\TEMP

[14/03/2008|19:23] C:\ProgramData\Templates

[05/05/2008|21:55] C:\ProgramData\ZoomBrowser

--------------------\\ Listing des dossiers dans C:\Program Files

[20/11/2009|23:18] C:\Program Files\1C Company

[02/05/2009|17:00] C:\Program Files\AC3Filter

[16/03/2009|16:48] C:\Program Files\Adobe

[15/08/2009|21:50] C:\Program Files\AGEIA Technologies

[15/08/2009|22:27] C:\Program Files\Alcohol 120

[17/10/2009|10:10] C:\Program Files\Apple Software Update

[22/11/2009|14:08] C:\Program Files\a-squared Free

[25/08/2009|18:14] C:\Program Files\AviSynth 2.5

[12/03/2008|02:55] C:\Program Files\Broadcom

[17/03/2008|22:13] C:\Program Files\Canon

[22/11/2009|11:45] C:\Program Files\Common Files

[12/03/2008|02:39] C:\Program Files\CONEXANT

[11/08/2008|18:58] C:\Program Files\coolsitemapper

[12/03/2008|03:11] C:\Program Files\CyberLink

[20/11/2009|20:32] C:\Program Files\DAEMON Tools Lite

[12/03/2008|03:11] C:\Program Files\Dell

[12/03/2008|03:08] C:\Program Files\Dell Support Center

[17/10/2009|14:18] C:\Program Files\Diablo II

[12/03/2008|02:58] C:\Program Files\Digital Line Detect

[28/02/2004|11:06] C:\Program Files\directx

[11/01/2009|10:44] C:\Program Files\Driver NVIDIA

[23/07/2009|05:41] C:\Program Files\Dropbox

[25/08/2009|18:13] C:\Program Files\Easy DVD Creator

[15/08/2009|20:59] C:\Program Files\EasyCleaner

[10/05/2008|13:34] C:\Program Files\EasyPHP 2.0b1

[16/03/2008|11:02] C:\Program Files\eMule

[31/08/2008|16:50] C:\Program Files\ExplorerView

[14/03/2008|21:59] C:\Program Files\FastStone Image Viewer

[14/03/2008|22:05] C:\Program Files\FastStone Photo Resizer

[31/08/2008|08:12] C:\Program Files\FileZilla FTP Client

[12/06/2009|21:29] C:\Program Files\Flickr Uploadr

[24/08/2008|14:24] C:\Program Files\foobar2000

[08/04/2008|19:05] C:\Program Files\FreeMind

[25/08/2009|18:14] C:\Program Files\Haali

[22/11/2009|14:41] C:\Program Files\HijackThis

[21/11/2009|12:23] C:\Program Files\Impulse

[21/11/2009|13:29] C:\Program Files\Indie Games

[20/11/2009|22:42] C:\Program Files\InfraRecorder

[15/08/2009|14:57] C:\Program Files\InstallShield Installation Information

[17/10/2009|10:12] C:\Program Files\Internet Explorer

[14/03/2008|22:02] C:\Program Files\IZArc

[30/08/2009|21:15] C:\Program Files\Java

[14/03/2008|22:04] C:\Program Files\K-Lite Codec Pack

[09/04/2008|19:00] C:\Program Files\Maguma Open Studio

[22/11/2009|14:39] C:\Program Files\Malwarebytes' Anti-Malware

[02/05/2009|16:55] C:\Program Files\Media Player Classic

[15/11/2009|12:17] C:\Program Files\mfcdlist

[02/11/2006|12:37] C:\Program Files\Microsoft Games

[19/02/2009|18:29] C:\Program Files\Microsoft Games for Windows - LIVE

[07/04/2008|19:35] C:\Program Files\Microsoft Office

[25/09/2009|00:04] C:\Program Files\Microsoft Silverlight

[08/07/2008|12:34] C:\Program Files\Microsoft Works

[12/03/2008|02:57] C:\Program Files\Modem Diagnostic Tool

[25/04/2009|16:12] C:\Program Files\Mount&Blade

[25/08/2009|18:14] C:\Program Files\Movie DVD Maker

[02/11/2006|12:42] C:\Program Files\Movie Maker

[22/11/2009|14:37] C:\Program Files\Mozilla Firefox

[14/03/2009|18:48] C:\Program Files\Mozilla Firefox3

[12/03/2009|15:40] C:\Program Files\MSBuild

[02/11/2006|12:37] C:\Program Files\MSN

[14/03/2008|19:54] C:\Program Files\MSXML 4.0

[12/03/2008|02:56] C:\Program Files\NetWaiting

[09/04/2008|19:07] C:\Program Files\Notepad++

[15/08/2009|22:09] C:\Program Files\Photo Story 3 for Windows

[07/03/2011|09:31] C:\Program Files\PowerISO

[27/05/2008|20:01] C:\Program Files\ProtectDisc Driver Installer

[17/10/2009|10:12] C:\Program Files\QuickTime

[12/03/2009|15:40] C:\Program Files\Reference Assemblies

[12/03/2008|02:54] C:\Program Files\SigmaTel

[22/11/2009|12:57] C:\Program Files\Spybot - Search & Destroy

[21/11/2009|12:22] C:\Program Files\Steam

[25/07/2009|12:33] C:\Program Files\StreetFighterIV

[22/11/2009|13:39] C:\Program Files\SUPERAntiSpyware

[12/03/2008|10:33] C:\Program Files\Synaptics

[15/08/2009|21:12] C:\Program Files\SystemRequirementsLab

[29/10/2009|21:33] C:\Program Files\Torchlight

[02/11/2006|13:01] C:\Program Files\Uninstall Information

[20/11/2009|22:18] C:\Program Files\VirtualCloneDrive

[08/06/2009|20:07] C:\Program Files\VLC

[15/03/2008|10:11] C:\Program Files\Winamp

[04/01/2009|10:51] C:\Program Files\Winamp5

[12/03/2008|10:27] C:\Program Files\Windows Calendar

[12/03/2008|10:23] C:\Program Files\Windows Defender

[02/11/2006|12:42] C:\Program Files\Windows Journal

[22/11/2009|11:52] C:\Program Files\Windows Live Safety Center

[14/03/2008|20:15] C:\Program Files\Windows Mail

[15/08/2009|14:49] C:\Program Files\Windows Media Player

[02/11/2006|12:37] C:\Program Files\Windows NT

[02/11/2006|12:42] C:\Program Files\Windows Photo Gallery

[14/03/2008|20:15] C:\Program Files\Windows Sidebar

[22/11/2009|16:19] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[08/07/2008|12:40] C:\Program Files\Common Files\ACD Systems

[09/11/2009|20:00] C:\Program Files\Common Files\Adobe

[17/10/2009|10:11] C:\Program Files\Common Files\Apple

[19/08/2008|20:04] C:\Program Files\Common Files\Blizzard Entertainment

[11/08/2008|18:58] C:\Program Files\Common Files\Borland Shared

[17/03/2008|22:12] C:\Program Files\Common Files\Canon

[07/04/2008|19:35] C:\Program Files\Common Files\Designer

[12/03/2008|02:59] C:\Program Files\Common Files\InstallShield

[12/03/2008|02:53] C:\Program Files\Common Files\Java

[15/08/2009|22:09] C:\Program Files\Common Files\microsoft shared

[06/08/2008|19:28] C:\Program Files\Common Files\Nero

[22/11/2009|13:38] C:\Program Files\Common Files\ParetoLogic

[01/04/2008|18:31] C:\Program Files\Common Files\Roxio Shared

[02/11/2006|11:18] C:\Program Files\Common Files\Services

[25/08/2009|18:14] C:\Program Files\Common Files\SourceTec

[02/11/2006|11:18] C:\Program Files\Common Files\SpeechEngines

[15/08/2009|22:07] C:\Program Files\Common Files\Steam

[12/03/2008|03:08] C:\Program Files\Common Files\supportsoft

[12/03/2008|10:32] C:\Program Files\Common Files\System

[22/11/2009|13:39] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-22 17:03:43

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:47][D:128]-> C:\Users\A\AppData\Local\Temp

[F:170][D:1]-> C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies

[F:322][D:4]-> C:\Users\A\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:265][D:5]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 22/11/2009|15:18 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 22/11/2009|16:54 - Option : [1]

3 - "C:\Lop SD\LopR_3.txt" - 22/11/2009|17:04 - Option : [2]

--------------------\\ Fin du rapport a 17:04:41

[ UAC => 1 ]

chrifleur · le 22 novembre 2009

comment se comporte ton PC? toujours des alertes?

kintaro37 · le 22 novembre 2009

comment se comporte ton PC? toujours des alertes?

Les resultats de lop S&Det me paraissent encourageant mais apres un redemarrage, windows defender donne toujours la meme alerte :/

Je ne sais vraiment pas quoi faire

chrifleur · le 22 novembre 2009

suis le chemin et supprime ce dossier qui est en gras

C:\ProgramData\mfcdlist

C:\Program Files\mfcdlist

donne moi le nom et le chemin du fichier infecté trouvé par windows defender

Modifié le 22 novembre 2009 par chrifleur

kintaro37 · le 22 novembre 2009

suis le chemin et supprime ce dossier qui est en gras
C:\ProgramData\mfcdlist

C:\Program Files\mfcdlist

donne moi le nom et le chemin du fichier infecté trouvé par windows defender

Mon malheur, c'est bien que je ne comprenne pas où est la source précisement :/

En plus windows defender n'a pas l'air d'être l'antivirus ultime...

L'info qu'il me donne c'est :

Name:

Backdoor:Win32/Rbot.gen

Alert level:

Severe

Category:

Backdoor

Description:

This program has potentially unwanted behavior.

Advice:

Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:

process:

pid:3608 (j'ai checké ds le task manager, ce processus n'existe pas !)

Sur le net j'ai vu que le trojan Rbot.gen était capable de se dupliquer sur le disque avec des noms différents à chaque fois pour rendre plus difficile son nettoyage total. Ce qu'il faudrait je pense, c'est un patch ou un outil spécifique pour tout nettoyer automatiquement mais je n'en ai pas trouvé après pas mal de recherches sur le net.

Autre possibilité, windows defender est défaillant et fait une fausse alerte ? J'ai fait bcp de scans toute la journée avec différents anti malwares et ils n'ont jamais rien trouvé.

Qu'en penses-tu ?

chrifleur · le 23 novembre 2009

il est possible que windows defender te donne un faux positif

on va chercher plus loin

Télécharge Random's System Information Tool (RSIT) de Random / Random et sauvegarde-le sur ton Bureau,

http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur RSIT.exe pour lancer le programme,
Clique sur continuer sur l'écran Disclaimer,
Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Connexion

Pas encore inscrit ?

Grosse galère, je n'arrive pas à supprimer le trojan win32/rbot.ge

Messages recommandés

kintaro37

chrifleur

kintaro37

chrifleur

kintaro37

chrifleur

kintaro37

chrifleur

kintaro37

chrifleur

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer