Besoin d'aide windows .virus
Fermé
64ca_ra
Messages postés
25
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
22 mai 2009
-
21 mai 2009 à 16:27
Utilisateur anonyme - 22 mai 2009 à 23:11
Utilisateur anonyme - 22 mai 2009 à 23:11
A voir également:
- Besoin d'aide windows .virus
- Clé windows 10 gratuit - Guide
- Windows 10 gratuit - Guide
- Windows 12 - Guide
- Windows ne démarre pas - Guide
- Windows 10 iso - Guide
5 réponses
Utilisateur anonyme
21 mai 2009 à 16:32
21 mai 2009 à 16:32
Bonjour 64ca_ra,
Telecharges HijackThis sur le bureau, tu le lances, clic sur " do a scann system and save log file ", a la fin, le bloc notes doit s'ouvrir, tu fais un copier/coller de ce rapport dans un prochain post ci dessous.
A+
Telecharges HijackThis sur le bureau, tu le lances, clic sur " do a scann system and save log file ", a la fin, le bloc notes doit s'ouvrir, tu fais un copier/coller de ce rapport dans un prochain post ci dessous.
A+
64ca_ra
Messages postés
25
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
22 mai 2009
1
21 mai 2009 à 16:42
21 mai 2009 à 16:42
Salut ,
Quand jfai SCAn sur HJACK : ya une fenetre qui me dit en anglais : "You have an particulary large amount of hajacked domains.It probably better to delecte the file itself then to fix each item and create a backup."
Ensuite voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:44, on 21/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\FlashGet\FlashGet.exe
E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAV.exe
E:\mes logiciels\Installation_LooknStop_206p3\looknstop\looknstop.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*https://fr.yahoo.com/?p=us">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>• <a href="http://search.yahoo.com/search/options?p=">advanced search</a> • <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Look 'n' Stop] "E:\mes logiciels\Installation_LooknStop_206p3\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-3708] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe"
O4 - Startup: Empty.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MESLOG~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MESLOG~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAVSvc.exe
Quand jfai SCAn sur HJACK : ya une fenetre qui me dit en anglais : "You have an particulary large amount of hajacked domains.It probably better to delecte the file itself then to fix each item and create a backup."
Ensuite voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:44, on 21/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\FlashGet\FlashGet.exe
E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAV.exe
E:\mes logiciels\Installation_LooknStop_206p3\looknstop\looknstop.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*https://fr.yahoo.com/?p=us">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>• <a href="http://search.yahoo.com/search/options?p=">advanced search</a> • <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Look 'n' Stop] "E:\mes logiciels\Installation_LooknStop_206p3\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-3708] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe"
O4 - Startup: Empty.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MESLOG~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MESLOG~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - E:\mes logiciels\PC Tools Antivirus\PC Tools AntiVirus\PCTAVSvc.exe
Utilisateur anonyme
21 mai 2009 à 18:04
21 mai 2009 à 18:04
RE
*Desinstalles ton soit disant antivirus et installes AntiVir Personal (Version 9) tu fais la mise a jour et un scanne tout de suite, tu mets tout ce qu'il trouve en quarantaine.Redemarres.
*Telecharges Malwarebytes' Anti-Malware , tu le lances, fais la mise a jour, un scanne complet, tu fais supprimer la selection et afficher le rapport.
*Tu repostes le rapport de Antivir et celui de Malwarebytes. Redemarres.
A+
*Desinstalles ton soit disant antivirus et installes AntiVir Personal (Version 9) tu fais la mise a jour et un scanne tout de suite, tu mets tout ce qu'il trouve en quarantaine.Redemarres.
*Telecharges Malwarebytes' Anti-Malware , tu le lances, fais la mise a jour, un scanne complet, tu fais supprimer la selection et afficher le rapport.
*Tu repostes le rapport de Antivir et celui de Malwarebytes. Redemarres.
A+
64ca_ra
Messages postés
25
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
22 mai 2009
1
22 mai 2009 à 22:43
22 mai 2009 à 22:43
RE,
Merci pour ton soutien .
Je suis dans le souci c est urgent . Mon pc redémmare toutes les 5 mn des que jlance une application . J ai effectivement effectué une analyse avec Malwarebytes' Anti-Malware qui a détecté une multitude d'éléments infectés .Je les ai tous supprimé ( en ne trouvant pas le moyen de les mettre en quarantaine ) .
de plus je narrive pas a desinstaller PCToolsantivirus qui me fait bugger dans le panneau de config .
Voici tout de mem le rapport de Malwarebytes :
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2167
Windows 5.1.2600 Service Pack 2
22/05/2009 22:06:28
mbam-log-2009-05-22 (22-06-22).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 85328
Temps écoulé: 21 minute(s), 56 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 83
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe") Good: (Explorer.exe) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\0bcobed.exe (Spyware.OnlineGames) -> No action taken.
C:\boyedt.com (Spyware.OnlineGames) -> No action taken.
C:\em8tqm.cmd (Trojan.OnlineGames) -> No action taken.
C:\eyt.exe (Spyware.OnlineGames) -> No action taken.
C:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
C:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
C:\lc.exe (Spyware.OnlineGames) -> No action taken.
C:\npee.com (Spyware.OnlineGames) -> No action taken.
C:\nu.cmd (Spyware.OnlineGames) -> No action taken.
C:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
C:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
C:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
C:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
C:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP65\A0015809.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015818.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015829.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015834.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015836.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015837.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP67\A0015846.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015858.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015867.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015869.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015870.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015885.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015922.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015899.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015915.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015925.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015927.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015928.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015938.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015942.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015948.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015954.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015957.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015961.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015962.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015972.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015978.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015982.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015985.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015986.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015992.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP72\A0016049.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP72\A0016054.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP72\A0016055.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016057.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016072.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016077.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016093.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016096.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016100.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016115.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016120.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016124.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016125.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP75\A0016146.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP76\A0016247.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP76\A0016251.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP76\A0016252.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016259.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016271.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016274.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016290.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016294.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016298.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016299.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP78\A0016321.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP78\A0018354.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP78\A0018355.cmd (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> No action taken.
C:\icxpa.cmd (Trojan.Agent) -> No action taken.
C:\minm.cmd (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> No action taken.
C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnLineGames) -> No action taken.
C:\WINDOWS\system32\haozs0.dll (Spyware.OnlineGames) -> No action taken.
C:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
C:\g1ljsm.com (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Merci pour ton soutien .
Je suis dans le souci c est urgent . Mon pc redémmare toutes les 5 mn des que jlance une application . J ai effectivement effectué une analyse avec Malwarebytes' Anti-Malware qui a détecté une multitude d'éléments infectés .Je les ai tous supprimé ( en ne trouvant pas le moyen de les mettre en quarantaine ) .
de plus je narrive pas a desinstaller PCToolsantivirus qui me fait bugger dans le panneau de config .
Voici tout de mem le rapport de Malwarebytes :
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2167
Windows 5.1.2600 Service Pack 2
22/05/2009 22:06:28
mbam-log-2009-05-22 (22-06-22).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 85328
Temps écoulé: 21 minute(s), 56 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 83
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe") Good: (Explorer.exe) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\0bcobed.exe (Spyware.OnlineGames) -> No action taken.
C:\boyedt.com (Spyware.OnlineGames) -> No action taken.
C:\em8tqm.cmd (Trojan.OnlineGames) -> No action taken.
C:\eyt.exe (Spyware.OnlineGames) -> No action taken.
C:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
C:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
C:\lc.exe (Spyware.OnlineGames) -> No action taken.
C:\npee.com (Spyware.OnlineGames) -> No action taken.
C:\nu.cmd (Spyware.OnlineGames) -> No action taken.
C:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
C:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
C:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
C:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
C:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP65\A0015809.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015818.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015829.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015834.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015836.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP66\A0015837.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP67\A0015846.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015858.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015867.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015869.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015870.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP68\A0015885.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015922.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015899.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015915.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015925.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015927.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015928.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015938.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP69\A0015942.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015948.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015954.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015957.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015961.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP70\A0015962.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015972.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015978.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015982.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015985.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015986.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP71\A0015992.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP72\A0016049.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP72\A0016054.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP72\A0016055.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016057.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016072.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016077.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016093.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP73\A0016096.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016100.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016115.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016120.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016124.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP74\A0016125.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP75\A0016146.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP76\A0016247.cmd (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP76\A0016251.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP76\A0016252.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016259.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016271.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016274.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016290.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016294.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016298.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP77\A0016299.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP78\A0016321.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP78\A0018354.com (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{D08DCCC6-F97C-45A6-B1FE-FBB9C2139586}\RP78\A0018355.cmd (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> No action taken.
C:\icxpa.cmd (Trojan.Agent) -> No action taken.
C:\minm.cmd (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> No action taken.
C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnLineGames) -> No action taken.
C:\WINDOWS\system32\haozs0.dll (Spyware.OnlineGames) -> No action taken.
C:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
C:\g1ljsm.com (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
22 mai 2009 à 23:11
22 mai 2009 à 23:11
Re
Supprimes ce rapport dans malwarebytes, vas dans demarrer, clic droit sur poste de travail, restauration du systeme, coches la case desactive..., redemarres et retournes la decoches.
Pour desinstaller PCToolsantivirus il faut certainement arreter la protection residente auparavant, sinon desinstaller en mode sans echecs: Tapotes sur F8 (ou F5) au demarrage, en meme temps que le logo de ton PC, dans la fenetre noire, selectionnes mode sans echecs avec les fleches du clavier, appuyes deux fois sur entree, prends le compte administrateur, ensuite c'est pareil sauf que tout est plus gros, c'est normal, soit tu vas dans ajout et suppression de programmes, soit tu vas dans le dossier de PCToolsantivirus qui doit etre dans programmes files et tu trouves un Uninstall.exe pour desinstaller et ensuite mettre l'autre.
Pour Malwarebytes, tu n'as rien supprimer du tout : "no action taken" donc tu recommences un scanne complet, a la fin, tu clic sur afficher les resultats, regardes que tout soit coche et tu clic sur supprimer la selection, tu redemarres, retournes dans malwarebytes pour recuperer le nouveau rapport et le reposter, ainsi que celui de Antivir que tu auras du pouvoir installer.
A+
Supprimes ce rapport dans malwarebytes, vas dans demarrer, clic droit sur poste de travail, restauration du systeme, coches la case desactive..., redemarres et retournes la decoches.
Pour desinstaller PCToolsantivirus il faut certainement arreter la protection residente auparavant, sinon desinstaller en mode sans echecs: Tapotes sur F8 (ou F5) au demarrage, en meme temps que le logo de ton PC, dans la fenetre noire, selectionnes mode sans echecs avec les fleches du clavier, appuyes deux fois sur entree, prends le compte administrateur, ensuite c'est pareil sauf que tout est plus gros, c'est normal, soit tu vas dans ajout et suppression de programmes, soit tu vas dans le dossier de PCToolsantivirus qui doit etre dans programmes files et tu trouves un Uninstall.exe pour desinstaller et ensuite mettre l'autre.
Pour Malwarebytes, tu n'as rien supprimer du tout : "no action taken" donc tu recommences un scanne complet, a la fin, tu clic sur afficher les resultats, regardes que tout soit coche et tu clic sur supprimer la selection, tu redemarres, retournes dans malwarebytes pour recuperer le nouveau rapport et le reposter, ainsi que celui de Antivir que tu auras du pouvoir installer.
A+
