Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Windows

INfection virus/spyware

Dernière réponse le 10 aoû 2008 à 16:54:16 Xam Danlref, le 5 aoû 2008 à 08:30:44

Signaler ce message aux modérateurs

Bonjour,

J'ai essayé de downloader une version hacké dun programme de graphisme et il se trouve quil y avait un virus/spyware ou qqchose du genre . Mon ordi est lent lent lent lent, ma barre de démarrage et mon deskop disparaisse, mon fond d'écran est bleu et bloqué à ''votre ordinateur est infecté,,(Ne peut plus changé de fond décran, il n'y a plus d'onglet dans mes préférence), installé un Anti virus, et un anti virus suspect (anti virus xp 2008) a été installé sur mon ordi, je ne peux le désinstallé.

Configuration: Windows XP
Internet Explorer 7.0

Meilleures réponses pour « INfection virus/spyware » dans :

Infection win spyware protect & heat virus (Résolu) Voir

[Infection] Un ou plusieurs virus/spywares Voir

Probleme infection virus spyware (Résolu) Voir

Rapport d'analyse du virus spyware secure (Résolu) Voir

Virus spyware secure svp (Résolu) Voir

Comment supprimer des virus spyware ? Voir

Spyware (Espiogiciel) VoirLes espiogiciels Un espiogiciel (en anglais spyware) est un programme chargé de recueillir des informations sur l'utilisateur de l'ordinateur sur lequel il est installé (on l'appelle donc parfois mouchard) afin de les envoyer à la société qui le...

Posez votre question Répondre

chefpunky, le 5 aoû 2008 à 08:33:40

Telecharge hijackthis:
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
1. une fois installer renomme le en HJT.exe
2. ouvre le et fai do a scan system and logfile
3 poste rapport sur ce forum. 1 seul personne suffi,ARRÊTER de vous interposer.

Répondre à chefpunky

Xam Danlref, le 5 aoû 2008 à 08:35:16

Renommer en HJT???

Répondre à Xam Danlref

chefpunky, le 5 aoû 2008 à 08:36:31

Oui car des hacker arrive a la contourner

mai apres l' installation tu doit renommer hajackthis.exe en HJT.exe 1 seul personne suffi,ARRÊTER de vous interposer.

Répondre à chefpunky

Xam Danlref, le 5 aoû 2008 à 08:37:33

Kk, donc je fais juste renommé le fichier?

Répondre à Xam Danlref

chefpunky, le 5 aoû 2008 à 08:39:59

Non je reprend

1 tu installe hijackthis
2 apres l' instalation tu va voir un fichier qui s' apelle hijackthis.exe tu le renomme en HJT.exe
3 tu fai do a scan system
4 tu copi/colle le rapport sur ce forum 1 seul personne suffi,ARRÊTER de vous interposer.

Répondre à chefpunky

Xam Danlref, le 5 aoû 2008 à 08:41:10

Hmm k

Répondre à Xam Danlref

chefpunky, le 5 aoû 2008 à 08:42:29

Ta toujour pas compris? 1 seul personne suffi,ARRÊTER de vous interposer.

Répondre à chefpunky

Xam Danlref, le 5 aoû 2008 à 08:47:14

Si je comprend bien, j'install, je prend le fichier hijackthis.exe et je le nomme HJT.exe?

Répondre à Xam Danlref

chefpunky, le 5 aoû 2008 à 08:47:57

Oui 1 seul personne suffi,ARRÊTER de vous interposer.

Répondre à chefpunky

Xam Danlref, le 5 aoû 2008 à 08:49:12

Kk, Merci bcp :)

Répondre à Xam Danlref

Xam Danlref, le 5 aoû 2008 à 08:50:02

Avant de partir ce topic jai downloader AVG anti spyware, esce que je dois le desinstallé avant de mettre HJT?

Répondre à Xam Danlref

chefpunky, le 5 aoû 2008 à 08:51:23

Non touche a rien sauf HJT 1 seul personne suffi,ARRÊTER de vous interposer.

Répondre à chefpunky

Xam Danlref, le 5 aoû 2008 à 09:10:04

LE telechargement de HJT ne commence pas... je ne peux tjrs pas désinstallé Antivirus XP2008 qui se declence a toute les 2 sec et l'Ordi est extremement lent... je vais essayé de mettre a jour avg

Répondre à Xam Danlref

chefpunky, le 5 aoû 2008 à 09:13:05

Non telecharge MBAM
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

1.1 installe le
1.2 fai une recherche complete
1.3 a la fin affiche le resultat
1.4 nettoit tout
1.5 post le rapport ici. 1 seul personne suffi,ARRÊTER de vous interposer.

Répondre à chefpunky

Xam Danlref, le 5 aoû 2008 à 10:18:42

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1026
Windows 5.1.2600 Service Pack 3

04:11:37 2008-08-05
mbam-log-8-5-2008 (04-11-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 86964
Temps écoulé: 47 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mLeBSJcd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yrnodswv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jljehd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuVmmNeB.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53aca347-ee58-4f05-a4c1-9f86cd1c0334} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{53aca347-ee58-4f05-a4c1-9f86cd1c0334} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa3af88a-063d-4825-bcee-c6d2b177f726} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa3af88a-063d-4825-bcee-c6d2b177f726} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{109be732-8f8c-49d4-a3f4-fedcac7f0a25} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{109be732-8f8c-49d4-a3f4-fedcac7f0a25} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1kej0ecd3 (Rogue.Multiple) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintss32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvmmneb (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc7e56e00 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{109be732-8f8c-49d4-a3f4-fedcac7f0a25} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc5kej0ecd3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlebsjcd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlebsjcd -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mLeBSJcd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dcJSBeLm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dcJSBeLm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jljehd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yrnodswv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuVmmNeB.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B0HDFE35\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B0HDFE35\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B0HDFE35\lrxherblpj[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CRWLFHZI\yflhrol[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CRWLFHZI\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GIH3JA5K\mpvspl[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GIH3JA5K\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LQKGQZKN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EEABD26-FC4D-48E4-B86B-B23469D204D3}\RP51\A0018013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EEABD26-FC4D-48E4-B86B-B23469D204D3}\RP51\A0018019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EEABD26-FC4D-48E4-B86B-B23469D204D3}\RP51\A0018020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu2000352.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buhsbqok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yppfeuqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\14dba3e.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\rhc1kej0ecd3.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\rhc1kej0ecd3.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintss32.dll (Dialer) -> Delete on reboot.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Disk (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:exe.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXroLDs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7e56e00.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7e56e00.txt (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blphc5kej0ecd3.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc5kej0ecd3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5kej0ecd3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Répondre à Xam Danlref

Xam Danlref, le 5 aoû 2008 à 19:35:57

Bon ... jai fais 2 recherche, jai trouvé des logiciel malveillant les 2 fois... et maintenant je ne vois plus mon deskop du tout kan jouvre mon ordinateur, et un processus nommé Isass.exe est apparu dans mon gestionnaire de tache (seul chose que je peux voir) sinon , pas de bar de demarrage pas dicone etc. Ce phénomène c'est produit après avoir redemarré mon ordinateur pr deleter les fichier ''on reboot''. La je suis sur un portable pr vous ecrire ca, un coup de main serais le bienvenu :s.

Répondre à Xam Danlref

Xam Danlref, le 5 aoû 2008 à 20:55:53

De plus, MBAM de marche plus du tout et ce message apparait kan je le démarre ''Run time error 372''.
FAiled to load control ''Vbalgrid''from vbalsgrid.ocx. Your version of Vbalsgrid.ocx might be outdated. Make sure you are using the version of the application that was provided with your application.

S.O.S, je sais vrm plus quoi faire

Répondre à Xam Danlref

suprainova, le 10 aoû 2008 à 16:54:16

Mwa osi c se ki est en train de marive che pa kwa faire
$

Répondre à suprainova

Posez votre question Répondre