Facebook virus via email

wadcox (1022 posts, Member)
Hello,

I currently have 2 PCs that have caught this lousy virus by email (via Facebook).

I'm posting my HijackThis and FindyKill reports (the PC is rebooting right now after I chose option 2 in FindyKill for the removal; I'll post that report after the reboot).

Thanks in advance for your replies.

HijackThis:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-09-25 11:14:58
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 47 GB (32%) free of 144 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:13, on 25/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
F:\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f3734bcc0094e0d90324b64ba7e5f09
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f3734bcc0094e0d90324b64ba7e5f09
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DEKERCOET
O17 - HKLM\Software\..\Telephony: DomainName = DEKERCOET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DEKERCOET
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: Service RPC eTrust ITM (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: Service en temps réel eTrust ITM (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: Service des jobs eTrust ITM (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOraTOPSNMPPeerEncapsulator - Unknown owner - C:\Oracle\OraTOP\BIN\ENCSVC.EXE
O23 - Service: OracleOraTOPSNMPPeerMasterAgent - Unknown owner - C:\Oracle\OraTOP\BIN\AGNTSVC.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
8 replies

Anonymous user
 
Hi.

Why did you use FindyKill? The report you posted isn't a HijackThis log, it's an RSIT one! ;)

Start with this:

▶ Download Malwarebytes Anti-Malware (MBAM):

MBAM

▶ Install it, making sure the update box is ticked at the end of the installation.

▶ After the update, launch it and tick "Quick Scan". Then "Scan".

▶ If MBAM finds anything: click "Show results" then "Remove selected".

▶ Post the generated report.

++
wadcox (1022 posts, Member)
 
Re,

Thanks first of all for looking into my problem.

Malwarebytes was the first program I used before posting here: I updated it, ran a full scan, and removed some spyware and other junk. I restart the PC, reconnect to the internet and, presto, I open my start page (Google) with no problem, and do a search for the word "test", for example.

I get all the results (no problem), but as soon as I click on any site in the results, I'm redirected straight to other sites like eBay, or other sites different from the one I was looking for.

I ran the Malwarebytes scan in normal mode and in safe mode with networking.

Removed as much as possible of everything that runs at PC startup, in case it came from there.
Deleted the entire contents of the temp folders (C:\Windows\Temp, C:\Documents and Settings...).

But nothing works.

I could format, but I'd rather get to the bottom of this damned virus than take the easy way out and reformat.
Anonymous user
 
Hi

This is the Windows forum; please post virus/security problems in the appropriate forum.

Also, it's recommended to wait for the helpers' advice before running any report.

Good luck with the disinfection!
Anonymous user
 
Re.

Run the MBAM scan, post me the report and we'll see from there! ;)

++
wadcox (1022 posts, Member)
 
Here is the report before deleting the infected files, followed by the report once they were deleted:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

25/09/2009 15:40:00
mbam-log-2009-09-25 (15-39-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 251301
Time elapsed: 48 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 76

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\ddnsfilter\ddnsfilter.dll (Trojan.DNSChanger) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ddnsfilter (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ddnsfilter (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddnsfilter (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
C:\Program Files\DDnsFilter (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\1utbfd.bat (Spyware.OnlineGames) -> No action taken.
C:\22yj2fy1.exe (Worm.AutoRun) -> No action taken.
C:\6rxt26.exe (Worm.Magania) -> No action taken.
C:\hx.exe (Spyware.OnlineGames) -> No action taken.
C:\kgji.exe (Worm.Magania) -> No action taken.
C:\lcw.exe (Spyware.OnlineGames) -> No action taken.
C:\m1eqos3.exe (Worm.Magania) -> No action taken.
C:\mb9x.exe (Worm.Magania) -> No action taken.
C:\rx.exe (Worm.Magania) -> No action taken.
C:\u0riu2.exe (Spyware.OnlineGames) -> No action taken.
C:\ukfbi3aw.exe (Worm.Magania) -> No action taken.
C:\nkbd1v.exe (Spyware.OnlineGames) -> No action taken.
C:\p0ijj.bat (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0091286.bat (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0091293.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092287.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092327.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092329.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092333.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092334.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092401.dll (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092481.bat (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092546.dll (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092892.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092736.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092810.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP406\A0092954.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP406\A0093036.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093142.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093203.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093443.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093297.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093373.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP408\A0093460.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP408\A0093488.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP410\A0095220.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP411\A0095231.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP411\A0095663.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP414\A0095987.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP414\A0096206.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP414\A0096105.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP415\A0096285.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP415\A0097361.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP415\A0097477.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP416\A0097568.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP416\A0097663.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP416\A0097761.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP417\A0097851.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP417\A0097908.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP418\A0098044.exe (Worm.Magania) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP419\A0098452.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP420\A0098459.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP420\A0098576.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP420\A0098682.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP421\A0098765.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP421\A0098851.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\hippy14.exe (Worm.Koobface) -> No action taken.
C:\Program Files\DDnsFilter\DDnsFilter.dll (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\nlmark2.dat (KoobFace.Trace) -> No action taken.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Camille\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Camille\Local Settings\Temp\cvasds2.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Camille\Local Settings\Temp\cvasds3.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Camille\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\010112010146116101.xe (KoobFace.Trace) -> No action taken.
C:\WINDOWS\0101120101465050.xe (KoobFace.Trace) -> No action taken.
C:\WINDOWS\0101120101465249.xe (KoobFace.Trace) -> No action taken.
C:\WINDOWS\0101120101465349.xe (KoobFace.Trace) -> No action taken.
C:\WINDOWS\0101120101465354.xe (KoobFace.Trace) -> No action taken.
C:\WINDOWS\0101120101465549.xe (KoobFace.Trace) -> No action taken.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> No action taken.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

25/09/2009 15:40:27
mbam-log-2009-09-25 (15-40-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 251301
Time elapsed: 48 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 76

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\ddnsfilter\ddnsfilter.dll (Trojan.DNSChanger) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\DDnsFilter (Trojan.DNSChanger) -> Delete on reboot.

Files Infected:
C:\1utbfd.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\22yj2fy1.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\6rxt26.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\hx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\kgji.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\lcw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\m1eqos3.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\mb9x.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\rx.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\u0riu2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\ukfbi3aw.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\nkbd1v.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\p0ijj.bat (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0091286.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0091293.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092287.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092327.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092329.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092333.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092334.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP404\A0092401.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092481.bat (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092546.dll (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092892.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092736.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP405\A0092810.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP406\A0092954.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP406\A0093036.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093142.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093203.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093443.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093297.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP407\A0093373.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP408\A0093460.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP408\A0093488.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP410\A0095220.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP411\A0095231.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP411\A0095663.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP414\A0095987.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP414\A0096206.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP414\A0096105.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP415\A0096285.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP415\A0097361.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP415\A0097477.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP416\A0097568.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP416\A0097663.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP416\A0097761.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP417\A0097851.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP417\A0097908.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP418\A0098044.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP419\A0098452.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP420\A0098459.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP420\A0098576.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP420\A0098682.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP421\A0098765.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP421\A0098851.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\hippy14.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Program Files\DDnsFilter\DDnsFilter.dll (Trojan.DNSChanger) -> Delete on reboot.
C:\WINDOWS\nlmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille\Local Settings\Temp\cvasds2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille\Local Settings\Temp\cvasds3.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146116101.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465050.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465249.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465349.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465354.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465549.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
0
Anonymous user
 
OK. Please do the following:

SmitfraudFix:

Option 1 - Search:

▶ Download Smitfraudfix and save it to the desktop

On XP: double-click smitfraudfix, then Run

▶ Select 1 to create a report of the files responsible for the infection.

(Warning: do not use option 2 unless I have asked you to!!)

▶ Copy/paste the report into your reply.

Here is an audio and animated tutorial in case you have trouble using it

(Note: "process.exe", a component of the tool, is detected by some antivirus programs as a "RiskTool". It is not a virus but a utility for terminating processes. In the wrong hands, this utility could stop security software.)

++
0
wadcox Posts 1022 Status Member 222
 
Hi again,

here is the report:

SmitFraudFix v2.424

Rapport fait à 16:33:55,26, 25/09/2009
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.200

HKLM\SYSTEM\CCS\Services\Tcpip\..\{92C97CA7-D6AB-4393-8BC8-0AA84597256E}: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS1\Services\Tcpip\..\{92C97CA7-D6AB-4393-8BC8-0AA84597256E}: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS3\Services\Tcpip\..\{92C97CA7-D6AB-4393-8BC8-0AA84597256E}: DhcpNameServer=192.168.1.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
 
Are your searches still being redirected?

DNS hijacks usually come with a rootkit. To avoid a reinfection shortly and to guard against that, do the following:

/!\ To anyone reading this thread: the tool below must not be used without guidance /!\

/!\ Disable your resident protections (antivirus, antispyware, etc.) /!\


Download ComboFix (by sUBs) to your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
* It will ask you to install the Recovery Console: ACCEPT!
* Do not touch the PC during the scan.
* When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: a tutorial on using ComboFix (read it before launching it)

-->> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

++
0
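The DNS section of the SmitfraudFix report above lists the DhcpNameServer values per control set, and the helper's point about DNS hijacking (the Malwarebytes log also shows a Trojan.DNSChanger entry) is that these values are where a DNS changer leaves its mark. As an added example, not part of this thread, of SmitfraudFix or of Malwarebytes, here is a Python parser for that section that flags name servers outside an allowlist of trusted networks and values that differ between control sets. The sample text is constructed from the report above; the trusted network 192.168.1.0/24 and the 203.0.113.5 address used in the tampered variant are assumptions (a documentation range, not a real indicator).

```python
"""Check the DNS section of a SmitfraudFix report for signs of a DNS changer."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample, modelled on the DNS section of the report in the thread.
SAMPLE_DNS_SECTION = r"""
Description: Broadcom NetXtreme Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.200

HKLM\SYSTEM\CCS\Services\Tcpip\..\{92C97CA7-D6AB-4393-8BC8-0AA84597256E}: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS1\Services\Tcpip\..\{92C97CA7-D6AB-4393-8BC8-0AA84597256E}: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS3\Services\Tcpip\..\{92C97CA7-D6AB-4393-8BC8-0AA84597256E}: DhcpNameServer=192.168.1.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.200
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
"""

# Constructed tampered variant: the live (CCS) Parameters value points at an
# address outside the LAN. 203.0.113.5 is a documentation address, an assumption.
TAMPERED_DNS_SECTION = SAMPLE_DNS_SECTION.replace(
    "Parameters: DhcpNameServer=192.168.1.200",
    "Parameters: DhcpNameServer=203.0.113.5", 1)

# Registry lines: HKLM\SYSTEM\<control set>\Services\Tcpip\<scope>: <key>=<value>
REG_LINE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\(?P<scope>.+?):\s*"
    r"(?P<key>\w*NameServer)=(?P<value>.*)$")
# Live adapter line printed above the registry dump.
INTERFACE_LINE = re.compile(r"^DNS Server Search Order:\s*(?P<value>.*)$")


def _split_servers(value: str) -> List[str]:
    """Windows stores several servers separated by spaces or commas."""
    return [s for s in re.split(r"[ ,;]+", value.strip()) if s]


def parse_dns_section(text: str) -> List[Dict[str, object]]:
    """Return one entry per name-server line: control set, scope, key, servers."""
    entries: List[Dict[str, object]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            entries.append({"cset": m["cset"], "scope": m["scope"],
                            "key": m["key"], "servers": _split_servers(m["value"])})
            continue
        m = INTERFACE_LINE.match(line)
        if m:
            entries.append({"cset": "live", "scope": "adapter",
                            "key": "DNS Server Search Order",
                            "servers": _split_servers(m["value"])})
    return entries


def find_suspicious(entries: List[Dict[str, object]],
                    trusted_networks: Tuple[str, ...] = ("192.168.1.0/24",)
                    ) -> List[Tuple[str, str]]:
    """Flag servers outside the trusted networks and values that differ
    between control sets. A CS3 (LastKnownGood) value that differs from CCS is
    often just an older configuration, so that finding is informational; a
    server outside the LAN is the strong signal."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings: List[Tuple[str, str]] = []
    for e in entries:
        where = f"{e['cset']}:{e['scope']}"
        for s in e["servers"]:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                findings.append((where, f"unparseable name server value {s!r}"))
                continue
            if not any(addr in n for n in nets):
                findings.append((where, f"name server {s} outside trusted networks"))
    by_scope: Dict[Tuple[str, str], Dict[str, Tuple[str, ...]]] = defaultdict(dict)
    for e in entries:
        if e["cset"] != "live":
            by_scope[(e["scope"], e["key"])][e["cset"]] = tuple(e["servers"])
    for (scope, key), sets in by_scope.items():
        if len(set(sets.values())) > 1:
            detail = ", ".join(f"{cs}={' '.join(v)}" for cs, v in sorted(sets.items()))
            findings.append((scope, f"{key} differs across control sets ({detail})"))
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_DNS_SECTION), ("tampered", TAMPERED_DNS_SECTION)):
        print(f"== {label} ==")
        for where, msg in find_suspicious(parse_dns_section(text)):
            print(f"  {where}: {msg}")
```

On the report as posted, the only findings are the CS3 values that differ from the current control set (both addresses are inside the LAN), which matches the helper asking whether redirection persists rather than declaring the DNS settings hijacked; the tampered variant produces an "outside trusted networks" finding for the current control set, which is the condition that would warrant the rootkit check.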