Se connecter / S'enregistrer
Votre question

Windows security alert virus

Tags :
  • Virus
  • Sécurité
Dernière réponse : dans Sécurité et virus
7 Décembre 2009 03:24:42

Bonjour à tous,

Depuis une semaine, mon ordinateur est infecté par le virus (ou quelque chose du genre) Windows Security Alerts. Je ne sais absolument pas quoi faire. Il y a une croix blanche dans un cercle blanc dans la barre des tâches et des pop-up qui me disent que mon ordinateur est infecté apparaisent auxx 30 secondes. Je sais que je ne suis pas le premier à poser une question à ce sujet, mais ce que j'ai lu ne m'a pas aidé. J'ai téléchargé High Jack This et voici le rapport:
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:31, on 2009-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\DOCUME~1\Pierre\LOCALS~1\Temp\richtx64.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\Pierre\LOCALS~1\Temp\wscsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe
C:\Documents and Settings\Pierre\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: 120237 helper - {176D799E-6C8C-4D1A-8024-044D96A035E2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000030.dll
O3 - Toolbar: Ask && Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mwtxiyuv] C:\Documents and Settings\Pierre\Local Settings\Application Data\faawig\rttksysguard.exe
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [mwtxiyuv] C:\Documents and Settings\Pierre\Local Settings\Application Data\faawig\rttksysguard.exe
O4 - HKCU\..\Run: [sysinfo] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Pierre\LOCALS~1\Temp\1158121555Wsy.dll,Sets
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Pierre\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [AntiMalware] "C:\Program Files\AntiMalware\antimalware.exe" -noscan
O4 - HKCU\..\Run: [Live Downloader] "C:\Program Files\Live Downloader\live_downloader.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Age2 Config.lnk = C:\Program Files\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\closedpw.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://qp.admnt.usherbrooke.ca/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O20 - Winlogon Notify: geBtQhgg - geBtQhgg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13560 bytes

Merci d'avance pour votre aide !

Autres pages sur : windows security alert virus

a c 267 8 Sécurité
7 Décembre 2009 03:26:06

Bonjour,

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    8 Décembre 2009 01:02:28

    Tout semble revenu à la normale ! Un énorme merci ! Je joins quand même mon rapport MBAM juste au cas:

    Malwarebytes' Anti-Malware 1.42
    Version de la base de données: 3312
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    2009-12-07 17:55:09
    mbam-log-2009-12-07 (17-55-09).txt

    Type de recherche: Examen rapide
    Eléments examinés: 140671
    Temps écoulé: 11 minute(s), 50 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 44

    Processus mémoire infecté(s):
    C:\Program Files\AntiMalware\antimalware.exe (Rogue.ActiveSecurity) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\AntiMalware\amext.dll (Trojan.FakeAlert) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{176d799e-6c8c-4d1a-8024-044d96a035e2} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{176d799e-6c8c-4d1a-8024-044d96a035e2} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antimalware (Rogue.AntiMalware) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antimalware (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mwtxiyuv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mwtxiyuv (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\120237 (Trojan.BHO) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\AntiMalware\amext.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Program Files\AntiMalware\antimalware.exe (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Application Data\faawig\rttksysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-839522115-1580436667-725345543-1004\Dc76.doc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac1745.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac21a5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac233b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac257e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac2ee5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac3136.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac3156.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac33b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac3406.tmp (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac517f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac612b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac63da.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac65af.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac6a6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac6fc3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac71c7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac737c.tmp (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac780c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac7a6d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac7f11.tmp (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac822e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac87bc.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac8d69.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uac945.tmp (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacb0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacbfdd.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacc0f7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacc22f.tmp (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacf05f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacf198.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacf33d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacf343.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacf555.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacf8e0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacf9cb.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Local Settings\Temp\uacfd83.tmp (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pierre\Mes documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalware\help.ico (Rogue.AntiMalware) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalware\malw.db (Rogue.AntiMalware) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalware\Uninstall.exe (Rogue.AntiMalware) -> Quarantined and deleted successfully.
    Contenus similaires
    a c 267 8 Sécurité
    8 Décembre 2009 16:46:32

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    10 Décembre 2009 11:27:57

    Bonjour à tous,
    tout d'abord, merci qaux "Helper" et à ce site qui m'a permis de résoudre plusieurs petits problèmes!!

    J'ai été infecté par ce même virus sur mon PC du boulot qui est pourtant bien protégé par Symantec. Bref.
    J'ai essayé de suivre la procédure de Destrio5 mais une fois MBAM installé, impossible de lancer le programme! Pourquoi et comment faire?

    Merci.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS