Could you help me analyze this report
aymeu
-
Anonymous user -
Hello,
Could you help me analyze this report and, if possible, give me some solutions?
Thank you in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:32, on 30/10/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\a-squared Free\a2free.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\TROCME ALAIN\Bureau\Nouveau dossier\lavasoft_adawarefree.exe
C:\DOCUME~1\TROCME~1\LOCALS~1\Temp\mia86.tmp\Ad-AwareInstallation.exe
C:\Documents and Settings\TROCME ALAIN\Bureau\Nouveau dossier\Installés\HiJackThis.exe
C:\WINDOWS\System32\msiexec.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.packardbell.fr/center
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {d08b4860-8557-4c3a-8f6e-000979231650} - c:\windows\system32\iwhhkft.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [32365] C:\edkkf.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [icf] C:\WINDOWS\System32:svchost.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{29DE82C9-85B6-4EDC-966C-8F39811E4759}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E317C6C-FB21-4E52-85AA-79516B0D83CE}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{29DE82C9-85B6-4EDC-966C-8F39811E4759}: NameServer = 213.174.139.72,192.168.1.1
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: fahzyxsx - C:\WINDOWS\SYSTEM32\iwhhkft.dll
O20 - Winlogon Notify: vgzhawe - vgzhawe.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\System32\afisicx.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: sofatnet Service (sofatnet) - Unknown owner - C:\WINDOWS\System32\sofatnet.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\System32\tdctxte.exe (file missing)
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Windows Hosts Controller (windows hosts controller) - Unknown owner - C:\WINDOWS\Fonts\uninstall_.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
7 replies
Hello
This is not good at all
O4 - HKLM\..\Run: [32365] C:\edkkf.exe
O4 - HKUS\.DEFAULT\..\Run: [icf] C:\WINDOWS\System32:svchost.exe (User 'Default user')
O20 - Winlogon Notify: fahzyxsx - C:\WINDOWS\SYSTEM32\iwhhkft.dll
O20 - Winlogon Notify: vgzhawe - vgzhawe.dll (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\System32\tdctxte.exe (file missing) ????
Download Malwarebytes' Anti-Malware
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Save it to the desktop
Double-click the Download_mbam-setup.exe icon to start the installation process
If the firewall asks for permission for Malwarebytes to connect, accept
It will update itself once that is done
Go to the Scan tab
Select Perform a full scan
Click Scan
The scan starts
At the end of the scan, this message appears: The scan completed normally.
Click Show results to display the objects found
Click OK to continue
If malware was detected, click Show results
Select everything (or leave it checked)
Click Remove selected
Malwarebytes will destroy the files and registry keys and put a
copy of them in quarantine
Malwarebytes will open Notepad and copy the report into it
Restart the PC
Once it has restarted, double-click Malwarebytes
Go to the Reports/Logs tab
Click the report to display it; once it is displayed, click Edit at the top of
Notepad, then Select All
Go back to Edit, then Copy, then come back to the forum and, in your reply,
right-click in the reply box and paste
Scan finished
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3060
Windows 5.1.2600 Service Pack 1
30/10/2009 18:25:56
mbam-log-2009-10-30 (18-25-33).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 216886
Temps écoulé: 1 hour(s), 44 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 15
Elément(s) de données du Registre infecté(s): 25
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 45
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fahzyxsx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\at1394 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdctxte (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\iwhhkft.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[2].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[2].bin (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[2].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[3].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[4].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R5R3KC7A\w[1].bin (Trojan.Downloader) -> No action taken.
C:\mp3.exe (Worm.AutoRun) -> No action taken.
C:\WINDOWS\System32:svchost.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\at1394.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ld11.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> No action taken.
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3060
Windows 5.1.2600 Service Pack 1
30/10/2009 18:25:56
mbam-log-2009-10-30 (18-25-33).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 216886
Temps écoulé: 1 hour(s), 44 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 15
Elément(s) de données du Registre infecté(s): 25
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 45
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fahzyxsx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\at1394 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdctxte (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\iwhhkft.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[2].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[2].bin (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[2].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[3].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[4].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R5R3KC7A\w[1].bin (Trojan.Downloader) -> No action taken.
C:\mp3.exe (Worm.AutoRun) -> No action taken.
C:\WINDOWS\System32:svchost.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\at1394.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ld11.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> No action taken.
After removal
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3060
Windows 5.1.2600 Service Pack 1
30/10/2009 18:29:59
mbam-log-2009-10-30 (18-29-59).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 216886
Temps écoulé: 1 hour(s), 44 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 15
Elément(s) de données du Registre infecté(s): 25
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 45
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fahzyxsx (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\at1394 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdctxte (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\iwhhkft.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[2].bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[3].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[4].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R5R3KC7A\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\mp3.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\System32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\at1394.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ld11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.