Infécté par des trojan(fakealert) et (dowlander)
Forum Sécurité - Virus : Infécté par des trojan(fakealert) et (dowlander)
bonjour se matin en allent sur ma messagerie j'ai supprimer tous les mail que je connaissé pas une fous la corbeil vider de ma messagerie, les mot "VIRUS ALERT!" se sont affiché juste a coté de l'heure pius mon anti-virus"bit defender" ma affiché un message pour autorissé le virus a entré sur mon ordinateur je nais pas eu le temp de cliké sur non que la fenettre ses fermé jai lancer des analyse sans succée puis je ne peut pas allez dans poste de travail plus d'icone dans démarrer plus d'icone aussi je ne peut pas allez voir tous les programe je peut juste arrété l'ordinateur, da sur le bureau a la place des icone poste de travail est msn et steam(jeu) il y a MS anti-virus, Error Cleaner, Privacy protector, Spyware&malware protection est j'ai esseyé de voire les application quand je les lance mon anti-virus m'informe qu'il a bloké le trojan.fakealert, dans ma quarentaine jai les trojan suivant : trojan.fakealert.ABA, trojan.PATCHED.CK. les seul application qui marche ses BitDefender.
désolé pour les faute d'ortographe, jai réussi a allez dans poste de travail mais le disk dur est pas affichez juste les disk amovible je ne kompren rien jai vremen besion daide si vou ne komprenez rien possez moi des kestion merci 
je ne sais plus comment faire
Répondre à alexandre-hanibal
Merci d'écrire correctement !
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
tien voila mon rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:48:04, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\2\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {7AFF0558-B4DF-4D98-B741-60169574D2D1} - C:\WINDOWS\vanwxemgqep.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tec [...] SupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec [...] mAData.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/so [...] launch.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_1_1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn. [...] gWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O21 - SSODL: xrdwbfgn - {BB849D2B-915F-486E-81F9-92720E9F7E8A} - C:\WINDOWS\xrdwbfgn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 13084 bytes
Répondre à alexandre-hanibal
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1103
Windows 5.1.2600 Service Pack 2
02:37:37 02/09/2008
mbam-log-09-02-2008 (02-37-32).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 156928
Temps écoulé: 5 hour(s), 43 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 121
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8abe4dbe-80f1-45cc-8592-de0bcf78c32c} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3d72f15b-24a2-4880-b8e5-7944d2ee4a27} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0c63fd70-fc74-46f1-ac6c-85f1e47a2e75} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{af9bdb20-9e34-4a79-85cb-37f97a9a9fd2} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7aff0558-b4df-4d98-b741-60169574d2d1} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7aff0558-b4df-4d98-b741-60169574d2d1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{01e20262-53c8-45a2-8b50-2382016765d5} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{04f2149a-9f3e-4eb6-8c0b-e19d726cea7a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{076389bd-7043-445e-8bc7-e3ef1b28ce38} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07cc8b03-abff-4da7-8a05-bd96081a192b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b164ae4-217a-4a12-99e9-7e3547d51ef3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{11f1960f-55cd-4680-a354-60a783df83d9} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{17e6f39d-c116-44dd-b410-f21d0f171357} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1968b5b7-7a39-477b-ac08-8e12640c8c8c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1bb8e167-f829-423e-bae4-bcbea03b6c95} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1c5e235b-9376-4a49-a97f-092b43269199} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2085748a-d7fd-4413-94fd-2ed425d73ffa} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25f90e9b-91c1-4bfd-a0ed-291650a9bc79} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{26976b5d-3fbc-448e-b857-10b29a68b781} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2ac7dde4-35aa-4ad3-87a6-78084b23ef5a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b3848fc-b48b-4b95-a670-d4aa3bbf4f28} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3562113a-f8a4-4c61-9cda-8a3d42d0d621} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3738618a-c8cb-4260-a95a-c513880f695a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3eb0e391-bf06-474e-80b6-34eef44629d9} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3ed578ab-361f-47b8-857f-25aa0e4a599c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4035c60e-09f1-49bd-97f1-3df38b7e0aae} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{43f4a252-f142-4919-b2a8-14c36aad071f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4983b8db-f422-4b79-aa8b-603bc6d3bb7b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4b84ff8e-bd0c-4a5a-af11-79f9a716673c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4bd27a9c-b63d-4a6b-8e81-060afa8ecbf7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf4b92b-21eb-40e8-b7f0-0bc3982d3351} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e9c38e0-999b-4f76-be6c-bb4d0d6c20dd} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{528f6ba0-94b8-44ce-b216-f8a46f81fe40} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53610fe7-f339-4fd6-b9bb-92984e62192b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{539585db-f8c3-44ba-9c0d-89f46c1fdd63} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54d449d3-a4cd-4cd9-a27b-6d257b4f1a09} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{58a10483-7f33-40b0-b840-ccefdfa8c32a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{58c1ab07-e4c7-4e2f-9953-3b6b5df086d0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5afc767f-a5c0-45a8-a17d-8d0ad215aab3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c2ba8d4-a7ab-47bf-9f22-3689635fd040} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5e851b98-fdec-4b60-9f28-54b6d102dbf5} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{66b14c36-f7dd-401d-bb78-806bd4337942} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{67571683-a544-418a-a6d5-5967aca32b53} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{69ec2126-492e-49d1-9245-44702cdac975} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6cfafff9-70db-4b82-8094-317352c9a123} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7006ffed-1458-4b32-ae13-17178f5e08b6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{72e3bee5-a8b8-4155-af0e-2dfc1f87610d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{74da8d88-4a3a-4d41-83eb-88a214ac4529} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{74f4cb5f-4a8f-4a9e-9772-90c6f870ce77} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7673fde0-dff6-49a5-9550-3cfb4c855c56} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{79445c28-b36a-400d-a49c-a83d0b727157} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7a650dba-4948-4293-a1d0-cb55103e7b84} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7d1a458e-d11e-4178-8043-2c7f58d9aad7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8478cf4e-12e2-4160-b37c-4842c6085c3b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8646dcf9-9d76-445b-8ed5-4efcf36f88d1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{878e4d19-ca0e-4ab2-bf54-672f227a3dcb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{879b98f2-e0bd-49a1-b7f5-84340e690f3c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87e3bc04-7b59-4cc1-abdf-d5a15918d75b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8c2743f7-6492-4d91-ab5e-f98220f6e705} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{90ea5d3e-7a61-47ac-a68e-dfd250953afe} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{91c1c7a8-5daa-4705-9f74-c7c370a29f5f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{94ac1ec1-da14-448b-9090-76aa239b024b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{950bce3d-5503-420c-aa10-b2f251f14cf2} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9922b031-8d91-4a30-89ff-489583194eba} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9c2d4573-84cc-4514-85e4-be391440b290} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9c6093a6-3bb3-4c36-91b7-4be1fb177be4} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dcad628-cdcd-428f-9b19-083df20302e1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9f0d4ec7-6bc7-4901-90d1-c41b7ec44971} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a09bbba7-52cd-4a8a-a4bd-bd86a14a648f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a2aefc87-6f68-48a0-ae20-ba5e8ef971f7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3bc0a40-eb5a-43a5-82f8-48a641102cf3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4645d60-a413-45c3-8877-6362a8cb2dc2} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7b6b1f3-fc61-4375-b370-bfcbf5624aad} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a8dd1624-c82a-47af-b528-165210079007} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad03639b-e1b1-4b46-9768-6dc89fea473b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad4d9fa8-dacc-4ff9-936a-bc40ef2888ca} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b1090ed5-5e2c-42f2-b353-e01011299c4a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b5444847-4421-45cd-9c62-cd5cbd9b8878} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b7c9529a-e00a-4d62-a7a7-a150ecd648d3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb849d2b-915f-486e-81f9-92720e9f7e8a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bd58ea2f-92a2-4970-a401-2933c8c11dad} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c029859e-cf8b-4409-894d-eea05da5ee70} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c0b562e8-133d-4fa9-8230-6707791b0de7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c296e494-e48a-4b81-a1a1-fbb30f2abf4e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c312105d-b8d7-4e21-8141-343519c5cba1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c78026e4-6ea9-42e9-8aa4-a8036817b156} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{caff841e-10ad-4834-b280-8228ec642930} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cb267c20-687a-43f4-8be2-0dfffd89afe1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cfa32d31-41fe-48a7-9235-31fcbe145b21} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d0310650-440c-43de-b25f-39adf261b6d3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d3b1afe8-88ac-4f14-8bce-f45c205567e5} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d56dfc8a-1438-4718-82b3-6d28510a7aaf} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d6b63aa8-abc2-4b11-b4fd-c8b22d3f1c0e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d900c638-1653-4be3-a16d-724e82b07a08} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d9b766f9-4e76-4a03-a22f-74a7932e3aa9} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da1d80f8-26d8-49fa-8dc9-29d5f969ccdb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db3098f0-a54d-43e5-8d2b-7c311a909c7b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db4e1861-5434-4158-a893-15c90e021c63} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db81f262-2ae0-4501-8204-cabf4ccd848f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dcff30fe-6bb3-4461-a467-4a3567161288} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e29c8894-bb4d-4825-b6a6-ceacfafd9540} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e311c002-b357-4a70-b31c-83c29daa0dc6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e7f340b3-5b35-4449-89a7-cc4f7b35a7de} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec584ac9-901e-44ed-97d7-8908e3247b22} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ed9d8799-de32-4bbb-b542-c817acdae6b4} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eee5cc6a-f2c1-42ff-ba72-a25a4e7022f1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eee7da48-a895-4179-b4b5-3f135a58f8d9} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f3bb08fa-4747-46d6-828e-c4334cfd7aa1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f55ee2c5-a1dd-41cb-ad4b-6b34e185c6e3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f6af3120-02bd-42f2-9e11-ee30ab01ad56} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f7f22987-e707-4fe7-a082-4736dd092bd2} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f99c30c0-ae70-4913-bfd0-976a0fd5623a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fcf10500-29da-4fc9-b04f-c981e4ee29b7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fd4eaa59-53fd-4510-8e59-f0c13b15723a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe26843f-5e6f-4f8f-87b6-fcb5e6d5b859} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.bkte (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xrdwbfgn (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00199) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359510.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359511.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\dgksvbpn.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\egov.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\VIE30.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> No action taken.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> No action taken.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> No action taken.
C:\WINDOWS\vanwxemgqep.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\xrdwbfgn.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\sxmaokgf.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\rbwelcvn_navps.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\rbwelcvn_nav.dat (Adware.NaviPromo) -> No action taken.
C:\Documents and Settings\Claudine\Bureau\MS Antivirus.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\Claudine\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
Répondre à alexandre-hanibal
apres cette analyse jai toujour plien d'alerte me disant qu'il a bloké un trojan quand je lance une analyse bitdefender trouve 34 menace qu'il ne peut pas supprimer comment puije faire merci d'avance je suis désésspéré tu est ma derniere chance AngelDark
Message édité par alexandre-hanibal le 02-09-2008 à 16:42:04
Répondre à alexandre-hanibal
Tu as bien supprimé les infections avec MBAM ?
Répondre à Angeldark
oui je vais mettre a jour instalé la deniere version est je recomence dans 5 heures je te donne de mes nouvelles merci beaucoup !
Message édité par alexandre-hanibal le 02-09-2008 à 18:06:04
Répondre à alexandre-hanibal
Ok.
Répondre à Angeldark
Désolé pour double poste mais demain j'ai entrénement de rugby j'étin mon pc pour pouvoire dormire correctement cette nuit voila jte donne sa demain merci a+
Répondre à alexandre-hanibal
No prob.
Répondre à Angeldark
Désolé pour le retard la rentré du lycée ma occupé pendant tou mon temp libre
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1103
Windows 5.1.2600 Service Pack 2
04/09/2008 01:39:11
mbam-log-2008-09-04 (13-39-08).txt
Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 154652
Temps écoulé: 2 hour(s), 22 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359520.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359519.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359523.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359525.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359526.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{9BD1E2A9-38A1-4417-9D2D-F598174C7603}\RP833\A0359527.exe (Trojan.FakeAlert) -> No action taken.
Répondre à alexandre-hanibal
Tu as bien supprimé les infections ?
Répondre à Angeldark
oui sa a l'aire de bien fonctioné c'etai la derniere etapes ?
Répondre à alexandre-hanibal
Nan, reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:27, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tec [...] SupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec [...] mAData.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/so [...] launch.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_1_1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn. [...] gWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 12326 bytes
Répondre à alexandre-hanibal
Re,
Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - (no file)
|
Répondre à Angeldark
Je les fait merci pour tes conseile que faut t-il fair ensuite ?
Répondre à alexandre-hanibal
est pour celle_ci ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Répondre à alexandre-hanibal
Il faut les laisser. Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:19, on 08/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\2\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tec [...] SupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec [...] mAData.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/so [...] launch.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_1_1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn. [...] gWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 12701 bytes
Répondre à alexandre-hanibal
D'autres soucis ?
Répondre à Angeldark
non ses fini si oui merci beaucoup !!
Répondre à alexandre-hanibal
Bon surf.
Répondre à Angeldark
Bonjour moi aussi j'ai a peu pres le meme probleme le bouclier rouge avec la croix qui flood "you have a security problem" j'ai deja essayer de l'effacé j'ai stop son processus mais rien je sais plus quoi faire x_x si quelqu'un pouvais m'aider sa serais cool ^^
Il y a 1659 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
