Malwarebytes report

lili_rose
Hello,

A friend of mine found that his computer had been running slowly for some time, and for good reason... No special treatment... I replaced Avast with Antivir + Spybot. I also installed Mozilla Firefox (without uninstalling IE).
I ran a Cclear scan and then a cleanup. I then launched Malwarebytes and ran a "full scan". I will then defragment the disk.
He has just sent me the report, but I don't know whether he can delete everything safely.
Also, do I need to do anything else, or are the previous steps enough?
Thanks in advance.

Config: Windows XP

30 replies

Anonymous user
 
Hi!!

Can we see the MBAM report?

Thanks.
lili_rose
 
It's better if I post the report...

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1718
Windows 5.1.2600 Service Pack 3

03/02/2009 18:23:05
mbam-log-2009-02-03 (18-22-42).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 110880
Temps écoulé: 1 hour(s), 50 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 100
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 80
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\taskmon (Trojan.Downloader) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

Fichier(s) infecté(s):
C:\Documents and Settings\User\Local Settings\Application Data\zymwfxkjn_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\User\Local Settings\Application Data\zymwfxkjn_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\User\Local Settings\Application Data\zymwfxkjn.dat (Adware.Navipromo.H) -> No action taken.
C:\Program Files\WinRAR\Patch.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\WinIFixer\MFC71.dll (Rogue.WinIFixer) -> No action taken.
C:\Program Files\WinIFixer\msvcp71.dll (Rogue.WinIFixer) -> No action taken.
C:\Program Files\WinIFixer\msvcr71.dll (Rogue.WinIFixer) -> No action taken.
C:\WINDOWS\XUPDATE.EXE (Worm.Zhelatin) -> No action taken.
C:\Program Files\Setup.exe (Rogue.Installer) -> No action taken.
Anonymous user
 
OK! You can click "Remove Selected".

Then post the new report you get.
lili_rose
 
OK ;)
I'm not at his place; I'll phone him the information and post the report as soon as I receive it.
Thanks for the info, and have a good evening in case you're not the one who answers me later.
Anonymous user
 
OK! I should normally be around, we'll see.

Also, do I need to do anything else, or are the previous steps enough?

--> Judging by the MBAM report, other steps will surely need to be considered. ;))
lili_rose
 
Here is the new report:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1718
Windows 5.1.2600 Service Pack 3

03/02/2009 20:28:05
mbam-log-2009-02-03 (20-28-05).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 110880
Temps écoulé: 1 hour(s), 50 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 100
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 80
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{b6ae969b-8eb6-4173-a696-ca39a0a50165} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b7ef28d0-1b74-4fad-8226-4c5e0a467106} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bf5ec252-e290-42f4-a907-bec9640d99f5} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1023d23-a735-4b74-9850-13cfb45c138f} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1746d8b-71c5-49d4-9b26-c500cbe42d81} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1941056-f303-4db8-b014-48b70a2b9048} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c3dfcbcb-f7d0-4909-8ee0-308305b1e0cd} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ca243c53-890c-4e0e-ba24-6c01431993b3} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cea21171-37d9-48c1-bc42-466071222381} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d1b10638-06cd-4683-9486-fa8144c120db} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d63fc539-120d-4db8-ab0d-cd1eb7c960b9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{daa0f52a-e3e9-429d-96ec-1ee45fc01517} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{db0c739d-8790-4a6b-9f9f-de43c08a6e23} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dc16bb9b-f6ff-4e4f-85ee-f5b0c94d6d13} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e92aa001-ceed-412b-9fc9-bb91c7c8c9dc} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea3f9b9e-3ee5-452c-9046-f177dd8d0c52} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec66f0db-f509-42c8-b0f3-92eaf64affad} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed349e37-a7cc-4337-aabe-b8cea6816ce3} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f2c72a7f-5d3c-4c2f-8240-8b62c1ba66f2} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f57b0fcc-c093-49a9-9627-7008868b2799} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8af8de8-bf15-4e9f-8601-f0985a1e8759} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fab32c1a-f718-4d11-8a36-dfaf3b6fe4dc} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a521ac73-b0b9-48a4-82c2-454156af0e26} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{31ce147e-178c-4c35-9520-319db1143a2f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{12f9ab4e-091e-4270-9c7f-61caf32eb345} (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03b902b1-9b25-4173-9468-56775c85a8d4} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access (Adware.InstantAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\taskmon (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Quarantine (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Infected (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\InfeStop (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Program Files\InfeStop\Quarantine (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuAllUsers (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuCurrentUser (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\spy-rid.com\SpyRid\BrowserObjects (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\HKCURun (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\HKCURun\RunOnce (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\HKCURun\RunOnceEx (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\HKLMRun (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\HKLMRun\RunOnce (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\HKLMRun\RunOnceEx (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\StartMenuAllUsers (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\Autorun\StartMenuCurrentUser (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\InfeStop.com\InfeStop\BrowserObjects (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\User\Local Settings\Application Data\zymwfxkjn_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\zymwfxkjn_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\zymwfxkjn.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\MFC71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\msvcp71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\msvcr71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\XUPDATE.EXE (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
0
Anonymous user
 
Wow! The PC must already be breathing a lot easier!

So, in order: open MBAM, go to the quarantine and delete everything.

Then a little cleanup:

Run CCleaner, registry included.

==================

Restart the PC.

==================

Download navilog1 to the desktop

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Double-click the "navilog1" shortcut on your desktop.
Press the letter f on your keyboard, then the Enter key.
Press any key on your keyboard to continue...

Type 1, then press the Enter key.
Navilog1 will then search for the infected files:

/!\ DO NOT USE OPTIONS 2, 3 OR 4 WITHOUT ADVICE /!\

Be patient, this can take around ten minutes...
Navilog1 will tell you when the search is finished:
Press a key to display the report it has generated.

The report will be saved in the following file: "fixnavi.txt" at the root
of the hard drive (e.g. C:\fixnavi.txt).

Post the generated report.
0
lili_rose Posts: 54 Status: Member
 
Understood ;)
I won't be able to do these steps until tomorrow, but same as earlier, I'll post the report as soon as I can.
Thanks for your help.. I suspected his computer needed a thorough dusting and a good breath of fresh air...
See you tomorrow
0
Anonymous user
 
No problem, post as soon as you have it and I'll look when I get here.

Have a good evening.
0
lili_rose Posts: 54 Status: Member
 
Good evening,

As agreed, I carried out the steps indicated yesterday evening and I am attaching the fixnavi report.
I'm waiting for your feedback ;)

Search Navipromo version 3.7.1 commencé le 04/02/2009 à 17:57:13,15

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 1500MHz )
BIOS : Award Medallion BIOS v6.0
USER : User ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:19 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\User\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\User\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\User\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\User\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\User\locals~1\applic~1" :

zymwfxkjn_navup.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 04/02/2009 à 18:05:14,89 ***
0
Anonymous user
 
Hi!!

OK! So, next: you need to run Navilog again and this time use option 2, the cleanup one.

Then post the generated report.

===============

Next:

Option 1 - Search:

Download Smitfraudfix and save it to the desktop

(it is number 2 at the bottom of the page):

Then double-click smitfraudfix, then Run

Select 1 to create a report of the files responsible for the infection.

(warning: do not use option 2 unless I have asked you to!!)


Copy/paste the report into your reply.

A narrated, animated tutorial is available on the site.

(Warning: "process.exe", a component of the tool, is detected by some antivirus products as a "RiskTool".
It is not a virus, but a utility designed to terminate processes. In the wrong hands,
this utility could stop security software.)


See you later ;)
0
lili_rose Posts: 54 Status: Member
 
RE

Attached are the cleanavi + Smit report
I have to step away, not for long, and I'll come and look at your instructions as soon as I'm back...

Clean Navipromo version 3.7.1 commencé le 04/02/2009 à 18:26:15,26

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 1500MHz )
BIOS : Award Medallion BIOS v6.0
USER : User ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:19 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\User\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\User\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\User\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\User\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\User\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\User\locals~1\applic~1" *

zymwfxkjn_navup.dat trouvé !
Copie zymwfxkjn_navup.dat réalisée avec succès !
zymwfxkjn_navup.dat supprimé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 04/02/2009 à 18:37:01,09 ***

=====================================================================

SmitFraudFix v2.392

Rapport fait à 18:49:14,46, 04/02/2009
Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{117270AA-6E07-43CA-8E3E-FB1113C65996}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F4CA9B1-0573-4C4D-9E13-2CE876329983}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EBD80E08-D46E-45D0-BD21-74210B7AC05A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{117270AA-6E07-43CA-8E3E-FB1113C65996}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F4CA9B1-0573-4C4D-9E13-2CE876329983}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EBD80E08-D46E-45D0-BD21-74210B7AC05A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
 
Perfect!

Next:

Download this tool by SiRi to your desktop:

RHost

Double-click it to launch it.

-> click on "Restore original Hosts"

(It will look as if nothing happened; that is normal...)

=======================================

Option 2 - Cleaning:

Restart the computer in XP safe mode (How do I restart in safe mode?)

Double-click on smitfraudfix

Select 2 to delete the files responsible for the infection.

When asked "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (oui, yes) to unlock the desktop wallpaper and delete the infection's autostart keys.

The fix will determine whether the file wininet.dll is infected. When asked "Corriger le fichier infecté ?" (Fix the infected file?), answer O (oui, yes) to replace the corrupted file.

Save the report to your desktop

Restart in normal mode and post the report.

See you!
0
lili_rose Posts 54 Status Member
 
There, the latest steps have been carried out, but we did not get:

When asked "Corriger le fichier infecté ?" (Fix the infected file?), answer O (oui, yes) to replace the corrupted file.

We redid the procedure twice but nothing (?)

Here is the Smit report anyway, and I'm waiting for your reply

SmitFraudFix v2.392

Rapport fait à 21:38:13,78, 04/02/2009
Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\autorun.inf supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{117270AA-6E07-43CA-8E3E-FB1113C65996}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F4CA9B1-0573-4C4D-9E13-2CE876329983}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EBD80E08-D46E-45D0-BD21-74210B7AC05A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{117270AA-6E07-43CA-8E3E-FB1113C65996}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F4CA9B1-0573-4C4D-9E13-2CE876329983}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EBD80E08-D46E-45D0-BD21-74210B7AC05A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
 
OK! That's fine.

Otherwise, how is the PC doing? Better?

Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

http://images.malwareremoval.com/random/RSIT.exe

Double-click on RSIT.exe.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports can also be found here: C:\rsit.

/!\ Post the two reports (log + info) in two separate messages, thanks /!\
0
lili_rose Posts 54 Status Member
 
Phew! We're making progress... Thanks for being here..
I've just sent him the link and I'm waiting for his call to guide him..
I'll post the reports as soon as I receive them ;)
0
lili_rose Posts 54 Status Member
 
RE

Here are the 2 reports; however, apparently the computer is still slow..

Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-02-04 22:37:55
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (52%) free of 38 GB
Total RAM: 256 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:05, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Bureau\RSIT.exe
C:\Program Files\trend micro\User.exe

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
0
Anonymous user
 
256 MB of RAM! No wonder the PC is slow! XD

Plus Vuze + La Mule: Vuze is a big memory consumer! La Mule a little less, but still! ;))

OK! Also an infected toolbar:

Download Toolbar-S&D (Team IDN) to your Desktop.

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

Start the program's installation by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice and then confirming with the Enter key.
Now choose option 1 (Recherche, i.e. Search). Wait until the search finishes.

Post the generated report. (C:\TB.txt)
0
lili_rose Posts 54 Status Member
 
lol! And yet he had told me he had removed La Mule.. anyway, your comment really made me laugh :D!!
I'll post that in a few minutes
0
lili_rose Posts 54 Status Member
 
eMule had remained in "programme file"; it is now officially removed!!
Here is the TB report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 1500MHz )
BIOS : Award Medallion BIOS v6.0
USER : User ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:20 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 04/02/2009|23:18 )

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] ASKService
[Service] ASKUpgrade
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm

-----------\\ Extensions

(User) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(User) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 04/02/2009|23:21 - Option : [1]

-----------\\ Fin du rapport a 23:21:35,04
0