Sujet Précédent Sujet Suivant

mon ordi portable bug pas mal

Résolu/Fermé
pepejeux Messages postés 52 Date d'inscription lundi 23 février 2009 Statut Membre Dernière intervention 9 mars 2023 - 21 juin 2009 à 15:46
 Utilisateur anonyme - 21 juin 2009 à 18:39
bonjour,

je maitrise un peu l'outil informatique mais pas suffisament pour bien comprendre un rapport hijack. donc je me tourne vers vous car mon ordi portable bug pas mal et je soupçonne un virus ou autre.

voici ce rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:43, on 21/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\system.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system\mrsvss.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system\mrsvss.exe
C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TheGreenBow\TheGreenBow VPN\tgbike.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\winsvc32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\smngr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\xSpool\xSpool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\aperino.POSTE26\Bureau\HiJackThis.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\system.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TgbVpn] C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winsvc321] winsvc32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Data Serivce] smngr.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozillacorp] C:\WINDOWS\system32\system.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Raccourci vers xSpool.lnk = C:\Program Files\xSpool\xSpool.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://\\srvcolibri\colibri\web_image\setup.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ADMR.local
O17 - HKLM\Software\..\Telephony: DomainName = ADMR.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ADMR.local
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Unknown owner - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe (file missing)
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Unknown owner - C:\Program Files\CA\eTrust Antivirus\InoRT.exe (file missing)
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Unknown owner - C:\Program Files\CA\eTrust Antivirus\InoTask.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MRSVSS Service - Unknown owner - C:\WINDOWS\system\mrsvss.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Sistech - C:\WINDOWS\system32\tgbstarter.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
A voir également:

3 réponses

Réponse 1 / 3
Utilisateur anonyme
21 juin 2009 à 16:00
• Bonjour

• Télécharge et installe Malwarebytes' Anti-Malware
• (NB : S'il te manque"COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
• A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
• Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
• Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
• Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
• A la fin du scan, clique sur Afficher les résultats
• Coche tous les éléments détectés puis clique sur Supprimer la sélection
• Enregistre le rapport
• S'il t'est demandé de redémarrer, clique sur Yes
• Poste le rapport de scan après la suppression ici
• Si tu as besoin d’aide regarde ce tutorial
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
............................................................................................................................................................
0
Réponse 2 / 3
pepejeux Messages postés 52 Date d'inscription lundi 23 février 2009 Statut Membre Dernière intervention 9 mars 2023 5
21 juin 2009 à 18:27
voila le rapport de scan:

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2318
Windows 5.1.2600 Service Pack 2

21/06/2009 18:14:40
mbam-log-2009-06-21 (18-14-40).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 273516
Temps écoulé: 1 hour(s), 49 minute(s), 51 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 36

Processus mémoire infecté(s):
C:\WINDOWS\system\mrsvss.exe (Backdoor.SdBot) -> Unloaded process successfully.
C:\WINDOWS\system\mrsvss.exe (Backdoor.SdBot) -> Unloaded process successfully.
C:\WINDOWS\smngr.exe (Backdoor.SdBot) -> Unloaded process successfully.
C:\l.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\winsvc32.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\system.exe (Spyware.OnlineGames) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrsvss service (Backdoor.SdBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mrsvss service (Backdoor.SdBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrsvss service (Backdoor.SdBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Data Serivce (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mozillacorp (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.OnlineGames) -> Data: c:\windows\system32\system.exe -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system\mrsvss.exe (Backdoor.SdBot) -> Delete on reboot.
C:\WINDOWS\smngr.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\loc.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\ap\local settings\temporary internet files\Content.IE5\OB5CEN8A\install.48208[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\ap\local settings\temporary internet files\Content.IE5\WUVAD5HB\loc[1].exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\poste26\222540.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\poste26\250060.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\poste26\local settings\temporary internet files\Content.IE5\LD9HO5XW\loc[1].exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\YHIAKLVE\l[1].exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\xc\208478.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\xc\741760.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\xc\local settings\temporary internet files\Content.IE5\K5M3KX2J\loc[1].exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\xc\local settings\temporary internet files\Content.IE5\S5A30TQ3\nes[1].exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0098605.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0099809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0099813.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0099814.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0099815.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0099817.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0099818.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP453\A0099816.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP455\A0107234.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP455\A0107306.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP455\A0107307.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP455\A0107308.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP455\A0111379.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{53aa0f30-77c8-43ed-a1a7-49e68d32e3db}\RP456\A0114383.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\no6.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\WINDOWS\CSC\d4\8000B2AB (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\Ms06.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\no6.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\sysdrv32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\l.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\winsvc32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winamp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
0
Réponse 3 / 3
Utilisateur anonyme
21 juin 2009 à 18:39
C:\WINDOWS\system\mrsvss.exe (Backdoor.SdBot) -> Delete on reboot
Tu éteint ton pc et tu le redémarres.(important)
-------------------------------------------------------------------------------------------------------
• Télécharge : http://images.malwareremoval.com/random/RSIT.exe

/!\ Important (Sous Vista) /!\

Vous devez exécuter RSIT avec les droits d'administrateur, pour cela Clique droit sur RSIT et "Lancer en tant qu'administrateur"
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur 'Continue' à l'écran Disclaimer.
• Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
• Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.
( C:\RSIT\log.txt et C:\RSIT\info.txt )
• CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller
• tuto: : https://www.androidworld.fr/
0

Discussions similaires

Annuaire portable gratuit à partir d'un nom
dani26 -
Authority -

9 réponses
Comment trouver un numéro à partir du nom et prénom
papillon -
guyguy -

10 réponses
Problème Facebook rencontre
Margalle -
Jpf -

17 réponses
Problème musiques étranges sur story instagram
somnorun -
SN -

21 réponses
Iptv beug
leogauthier15 -
bazfile -

1 réponse