Unwanted pop-up ads, HijackThis log
warhol
Hello,
On a friend's computer there are constantly pop-ups, casino-type ones and well-known sites like laredoute.fr; the antivirus and AVG find nothing, so I went for a HijackThis log, which is here:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:06, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\test\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.tesco.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {0c70407c-f285-4788-8edf-803d7371f5fc} - C:\WINDOWS\system32\hutijezu.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [lujifapera] Rundll32.exe "C:\WINDOWS\system32\gavulowe.dll",s
O4 - HKLM\..\Run: [CPM2fec99bd] Rundll32.exe "c:\windows\system32\joloyasa.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBCTicker.lnk = C:\Program Files\BBC Ticker\BBCTicker.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=https://www.tesco.com/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kagohaku.dll c:\windows\system32\joloyasa.dll
O20 - Winlogon Notify: mt49hub - C:\WINDOWS\SYSTEM32\mt49hub.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\joloyasa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\joloyasa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
Good evening,
AVG Anti-Spyware 7.5 has been discontinued since 31 December, you can remove it.
Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:
http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware
Click the Download_mbam-setup.exe icon on your desktop to start the installer.
Follow the instructions, make no changes to the default settings, and at the end of the installation check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.
Run a full scan.
If malware has been detected, the list is displayed.
Click Remove (?); MBAM will destroy the files and registry keys and put a copy in quarantine.
MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/Logs tab.)
Post the report for me.
OK, I'm doing it now but the scan is taking a long time, I'll post it as soon as it's finished, thanks a lot!
Here's the report, it's scary to look at lol
Malwarebytes' Anti-Malware 1.31
Database version: 1612
Windows 5.1.2600 Service Pack 3
05/01/2009 17:47:11
mbam-log-2009-01-05 (17-46-49).txt
Scan type: Full Scan (C:\|I:\|)
Objects scanned: 170000
Time elapsed: 4 hour(s), 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 13
Registry Values Infected: 6
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 51
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\mijunope.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kagohaku.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hutijezu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gavulowe.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\bugagoku.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mt49hub.dll (Trojan.Agent) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c70407c-f285-4788-8edf-803d7371f5fc} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0c70407c-f285-4788-8edf-803d7371f5fc} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c70407c-f285-4788-8edf-803d7371f5fc} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msvtch (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mt49hub (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msvtch (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msvtch (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2cdfaa21 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lujifapera (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2fec99bd (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kagohaku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\kagohaku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kagohaku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bugagoku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bugagoku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> No action taken.
Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.
Files Infected:
C:\WINDOWS\system32\bujiluro.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\orulijub.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hulahake.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ekahaluh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kipelebi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ibelepik.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mijunope.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\eponujim.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\muyakada.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\adakayum.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tigahifa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\afihagit.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wolayuga.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aguyalow.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gavulowe.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\bugagoku.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hutijezu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kagohaku.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\FerreiraL99.home\Local Settings\Temporary Internet Files\Content.IE5\6PC32VKR\style[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\FerreiraL99.home\Local Settings\Temporary Internet Files\Content.IE5\KTQBKHAV\style[1] (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\test\backups\backup-20090104-162537-923.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP557\A0126697.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP557\A0126698.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP557\A0126699.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126884.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126885.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126886.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126888.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fasuwelo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fituzafi.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jedepona.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lipewedi.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mobahibe.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pinoteye.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\joloyasa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zipasuno.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zoyageze.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yubuguyi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yuvamifi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wukoraga.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nifarake.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nomadani.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gawojuso.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\k86.bin (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\mt49hub.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\adrnln.bin (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msvtch.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.
I took the opportunity to run it on my own computer too, since the computer in question is a friend's and mine had no problems, so now I'm worried about the other computer...
Thanks anyway
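As an added example for this thread (editor's code, not HijackThis or Malwarebytes output), the triage below parses the HijackThis entries from the first post and the Malwarebytes lines from the report above: it flags the 8-letter DLL names, the extra program in the UserInit chain, the AppInit_DLLs entries and the one DLL wired into four autostart locations, then checks each flagged name against the Malwarebytes report, whose action column reads "No action taken" on every line. The heuristics and the sample lines embedded in the code are the editor's selection, not a published signature.

```python
"""Triage of the HijackThis log and Malwarebytes report posted in this thread.
Added example, not part of HijackThis or Malwarebytes; the rules are the editor's
heuristics, not a published signature: random-looking 8-letter DLL names, a UserInit
chain with more than userinit.exe, anything in AppInit_DLLs, a nameless BHO, and
one DLL wired into several autostart locations at once."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines from the first post.
SAMPLE_HJT = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {0c70407c-f285-4788-8edf-803d7371f5fc} - C:\WINDOWS\system32\hutijezu.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [lujifapera] Rundll32.exe "C:\WINDOWS\system32\gavulowe.dll",s
O4 - HKLM\..\Run: [CPM2fec99bd] Rundll32.exe "c:\windows\system32\joloyasa.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\kagohaku.dll c:\windows\system32\joloyasa.dll
O20 - Winlogon Notify: mt49hub - C:\WINDOWS\SYSTEM32\mt49hub.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\joloyasa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\joloyasa.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""
# Constructed sample: a few "Files Infected" lines from the Malwarebytes report.
SAMPLE_MBAM = r"""
C:\WINDOWS\system32\gavulowe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hutijezu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kagohaku.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\joloyasa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mt49hub.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.
"""

SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")     # "O20 - ..." entry lines
# Path to a binary; directory segments may hold spaces ("Program Files") but not
# ':' or ',', so adjacent paths (AppInit_DLLs, UserInit) are split apart.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^"\\,:]+\\)*[^"\\,\s]+\.(?:dll|exe|sys)\b', re.I)
MBAM_RE = re.compile(r"^(.+?) \(([^)]+)\) -> (.+)\.$")    # "path (Family) -> Action."
AUTOSTART = {"F2", "O2", "O4", "O20", "O21", "O22"}         # sections worth a look
VOWELS = set("aeiou")

@dataclass(frozen=True)
class Finding:
    section: str
    path: str
    reason: str

def file_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def looks_generated(stem: str) -> bool:
    """Eight letters strictly alternating consonant/vowel: the pattern of the
    names in this log (hutijezu, gavulowe, joloyasa, kagohaku)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem.lower()))

def triage(hjt_log: str) -> list[Finding]:
    findings: list[Finding] = []
    sections_by_name: dict[str, set[str]] = defaultdict(set)
    for line in hjt_log.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m or m.group(1) not in AUTOSTART:
            continue
        section, body = m.groups()
        rare = section in {"O21", "O22"} or body.startswith("Winlogon Notify:")
        for path in PATH_RE.findall(body):
            name = file_name(path)
            sections_by_name[name].add(section)
            if looks_generated(name.rsplit(".", 1)[0]):
                findings.append(Finding(section, path, "generated-looking 8-letter name"))
            if body.startswith("REG:system.ini: UserInit=") and name != "userinit.exe":
                findings.append(Finding(section, path, "extra program in UserInit chain"))
            if body.startswith("AppInit_DLLs:"):
                findings.append(Finding(section, path, "AppInit_DLLs should normally be empty"))
            if body.startswith("BHO: (no name)"):
                findings.append(Finding(section, path, "BHO with no name"))
            if rare:
                findings.append(Finding(section, path, "rarely used autostart location, verify publisher"))
    # One binary wired into several autostart locations is a strong signal by itself.
    for name, secs in sections_by_name.items():
        if len(secs) >= 2:
            findings.append(Finding("+".join(sorted(secs)), name,
                                    f"same binary in {len(secs)} autostart locations"))
    return findings

def cross_check(hjt_log: str, mbam_report: str) -> dict[str, tuple[str, str]]:
    """(family, action) Malwarebytes reported for each file name flagged from the
    HijackThis log; names absent from the Malwarebytes report map to ("", "")."""
    detections: dict[str, tuple[str, str]] = {}
    for line in mbam_report.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            detections[file_name(m.group(1))] = (m.group(2), m.group(3))
    flagged = {file_name(f.path) for f in triage(hjt_log)}
    return {name: detections.get(name, ("", "")) for name in sorted(flagged)}

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.section:<16} {f.reason:<48} {f.path}")
    print(cross_check(SAMPLE_HJT, SAMPLE_MBAM))
```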
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP557\A0126699.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126884.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126885.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126886.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7263451-9993-4B6B-B9AA-A22504DEF620}\RP559\A0126888.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fasuwelo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fituzafi.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jedepona.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lipewedi.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mobahibe.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pinoteye.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\joloyasa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zipasuno.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zoyageze.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yubuguyi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yuvamifi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wukoraga.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nifarake.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nomadani.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gawojuso.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\k86.bin (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\mt49hub.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\adrnln.bin (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msvtch.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.
I took the opportunity to run it on my own computer, since the computer in question is a friend's and mine didn't have any problems, so now I'm worried about the other machine...
Thanks anyway
Here's the report, it's scary to look at lol
Good evening, did you delete the quarantine at the end of the Malwarebytes scan? ----> "No Action Taken" would mean you didn't! If not, run another Quick scan of the PC; at the end, click "Show results" and then "Remove selected".
Then right-click this link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (Save target as...) and take care to rename ComboFix when saving it to your desktop...
Disconnect from the internet, disable your antivirus and your antispyware's resident guard, and re-enable only the antivirus at the end of the scan.
Double-click the ComboFix icon; a pop-up appears --> click "Yes" (given how powerful this fix is, installing the Recovery Console is recommended).
---> Choose the language and press the 1 key to start the scan. /!\ Do not touch the mouse or the keyboard /!\ while the scan is running, or you could freeze the PC.
* At the end of the scan, ComboFix may need to restart the computer to finish the disinfection; let it do so... Once the scan is finished, a report is displayed; post its contents. The report is also located at C:\Combofix.txt
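The Malwarebytes report above lists the classic Vundo persistence set (the Winlogon Userinit value, AppInit_DLLs, an LSA notification package, SSODL, a SharedTaskScheduler entry, a BHO, a Winlogon Notify DLL and a service), and every line ends in "No action taken", which is the point the reply above makes. The following Python script is an added example written for this thread; it is not Malwarebytes code and not something either poster ran. It parses the MBAM 1.31 line format shown in the report, groups the registry hits by the auto-start location they abuse, pulls the extra executable out of the Userinit "Bad: (...)" value, and counts what the scanner left in place. SAMPLE_REPORT is a constructed excerpt of lines copied from the report in the thread, and the location labels are the example's own naming.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x report and map every registry hit
to the Windows auto-start location it abuses.  Added example for this thread,
not Malwarebytes code; the location labels are this example's own naming and
SAMPLE_REPORT is a constructed excerpt of lines from the report posted above."""
import re
from collections import Counter

# Constructed sample: lines excerpted from the MBAM 1.31 report in the thread.
SAMPLE_REPORT = r"""
Memory Modules Infected:
C:\WINDOWS\system32\kagohaku.dll (Trojan.Vundo.H) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c70407c-f285-4788-8edf-803d7371f5fc} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mt49hub (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msvtch (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lujifapera (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kagohaku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\kagohaku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> No action taken.
Files Infected:
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.
"""

# One hit line: "<item> (<detection name>) -> [Data ... ->] <action>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Registry path fragments (matched case-insensitively, first match wins) and
# the auto-start location they denote.
LOCATIONS = [
    ("\\winlogon\\userinit", "Winlogon Userinit"),                   # run by winlogon at logon
    ("\\winlogon\\notify\\", "Winlogon Notify package"),              # DLL inside winlogon.exe
    ("appinit_dlls", "AppInit_DLLs"),                                # DLL in every user32 process
    ("\\lsa\\notification packages", "LSA Notification Packages"),   # DLL inside lsass.exe
    ("shellserviceobjectdelayload", "ShellServiceObjectDelayLoad"),  # COM object in Explorer
    ("sharedtaskscheduler", "SharedTaskScheduler"),                  # COM object in Explorer
    ("browser helper objects", "Browser Helper Object"),             # DLL inside Internet Explorer
    ("\\currentversion\\run\\", "Run key"),
    ("\\services\\", "Service / driver"),
]


def parse_report(text):
    """Return one dict per hit line: section, item, family, data, action."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]           # e.g. "Registry Data Items Infected"
            continue
        m = ENTRY_RE.match(line)
        if not m:                         # blank, header or "(No malicious items detected)"
            continue
        parts = m.group("rest").split(" -> ")
        hits.append({"section": section, "item": m.group("item"),
                     "family": m.group("family"),
                     "data": " -> ".join(parts[:-1]) or None,  # "Data: ..." / "Bad: (...) Good: (...)"
                     "action": parts[-1]})
    return hits


def classify(item):
    """Map a registry path to the auto-start location it belongs to."""
    low = item.lower()
    for needle, label in LOCATIONS:
        if needle in low:
            return label
    return "Other"


def persistence_summary(hits):
    """Count registry hits per auto-start location."""
    return dict(Counter(classify(h["item"]) for h in hits
                        if h["section"] and h["section"].startswith("Registry")))


def userinit_hijack(hits):
    """Executables appended to the Winlogon Userinit value besides userinit.exe.

    MBAM prints the value as 'Bad: (<entry>,<entry>,) Good: (userinit.exe)';
    every extra entry is started by winlogon at each interactive logon.
    """
    extra = []
    for h in hits:
        data = h["data"] or ""
        if not data.startswith("Bad: ("):
            continue
        for entry in data[len("Bad: ("):data.index(")")].split(","):
            entry = entry.strip()
            if entry and entry.lower().rsplit("\\", 1)[-1] != "userinit.exe":
                extra.append(entry)
    return extra


def loaded_in_memory(hits):
    """DLLs found mapped into running processes (cannot be deleted until unloaded)."""
    return [h["item"] for h in hits if h["section"] == "Memory Modules Infected"]


def unresolved(hits):
    """Hits the scanner listed but did not remove ('No action taken')."""
    return [h for h in hits if h["action"].lower().startswith("no action taken")]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("auto-start locations:", persistence_summary(found))
    print("extra Userinit entries:", userinit_hijack(found))
    print("still loaded in memory:", loaded_in_memory(found))
    print(f"{len(unresolved(found))} of {len(found)} hits were not removed")
```

Run it as a script to print the summary for the embedded excerpt, or pass the full text of a saved MBAM report to parse_report(). Two things worth reading off the result: anything under "Memory Modules Infected" is a DLL mapped into a running process, which is why the scanner cannot delete it without a reboot, and an extra Userinit entry is launched by winlogon at every interactive logon, so the registry value has to be reset as well as the file removed.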
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.130 [GMT 0:00]
Running from: c:\documents and settings\FerreiraL99.home\Desktop\huberts.exe
AV: CA Anti-Virus *On-access scanning enabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
C:\test.txt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\ehazakul.ini
c:\windows\system32\famepami.dll
c:\windows\system32\igotakik.ini
c:\windows\system32\jahanane.dll
c:\windows\system32\jikumoja.dll
c:\windows\system32\kikatogi.dll
c:\windows\system32\nizukipu.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.
2009-01-04 20:17 . 2009-01-04 20:17 <DIR> d-------- c:\documents and settings\FerreiraL99.home\Application Data\Malwarebytes
2009-01-04 20:16 . 2009-01-04 20:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 20:16 . 2009-01-04 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 20:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 20:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 15:20 . 2009-01-04 15:20 <DIR> d-------- c:\program files\Bonjour
2008-12-20 00:12 . 2008-12-20 00:12 1,586,105 ---hs---- c:\windows\system32\ehazakul.tmp
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-07 13:24 . 2008-12-07 13:24 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-07 13:23 . 2008-12-07 13:23 <DIR> d-------- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:47 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-01-05 22:46 --------- d-----w c:\documents and settings\FerreiraL99.home\Application Data\Skype
2009-01-05 22:25 --------- d-----w c:\program files\BBC Ticker
2009-01-05 21:56 --------- d-----w c:\documents and settings\FerreiraL99.home\Application Data\skypePM
2009-01-05 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-18 23:54 --------- d-----w c:\program files\DivX
2008-11-05 09:13 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-04-06 11:49 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-12-16 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-12-16 561152]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2002-11-29 73728]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 15:49 110592 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\jahanane.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1606980848-682003330-1135\Scripts\Logoff\0\0]
"Script"=%logonserver%\netlogon\scripts\logoffAudit.vbe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1606980848-682003330-1135\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%\NETLOGON\Scripts\logonAudit.vbe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1606980848-682003330-1135\Scripts\Logon\0\1]
"Script"=%LOGONSERVER%\NETLOGON\Scripts\mapr.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1606980848-682003330-1135\Scripts\Logon\0\2]
"Script"=%LOGONSERVER%\NETLOGON\Scripts\mape.bat
[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Generic ChkMail.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Generic ChkMail.lnk
backup=c:\windows\pss\Generic ChkMail.lnkCommon Startup
[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-11-27 11:58 1032376 c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a------ 2007-05-03 07:57 230928 c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
--a------ 2007-08-28 07:37 177416 c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 09:29 40960 c:\windows\system32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
-ra------ 2003-03-06 12:00 57344 c:\windows\Hcontrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-02-16 20:06 118784 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-02-16 20:07 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-27 11:58 1032376 c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-12-10 01:36 86016 c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2004-01-05 17:34 40960 c:\windows\vsnpstd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2008-04-14 00:12 143360 c:\windows\system32\mobsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
--a------ 2008-04-12 20:53 3042816 c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-03-31 09:21 87751 c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kontiki\\KHost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade89f10-ccd4-11db-b06f-00112f1654bd}]
\Shell\AutoRun\command - F:\Installer.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-05 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 00:12]
2009-01-04 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 00:12]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RevHDD - c:\windows\SYSTEM\RevHDD.exe
SafeBoot-msvtch.sys
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: memberservices.tesco.net
Trusted Zone: register.tesco.net
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\FerreiraL99.home\Application Data\Mozilla\Firefox\Profiles\wg7x1268.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:43:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\System32\LgNotify.dll
- - - - - - - > 'lsass.exe'(1308)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\ZCfgSvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\1XConfig.exe
c:\program files\BBC Ticker\BBCTicker.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2009-01-05 22:53:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-05 22:52:58
Pre-Run: 8,748,244,992 bytes free
Post-Run: 10,313,515,008 bytes free
248 --- E O F --- 2008-12-12 21:07:21
There you gooo, thanks to you
Download RSIT to your desktop: http://images.malwareremoval.com/random/RSIT.exe
Double-click RSIT.exe to launch the program.
Click "Continue" on the "Disclaimer" screen.
If the HijackThis tool is not detected on the PC, RSIT will download it ---> you will have to accept the licence.
When the analysis is finished, two text files will open.
Post the contents of log.txt and info.txt (in the taskbar).
Note: the reports are also in C:\Rsit