Could you help me analyze this report

aymeu -  
 Anonymous user -
Hello,

Could you help me analyze this report and, if possible, give me some solutions?

Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:32, on 30/10/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\a-squared Free\a2free.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\TROCME ALAIN\Bureau\Nouveau dossier\lavasoft_adawarefree.exe
C:\DOCUME~1\TROCME~1\LOCALS~1\Temp\mia86.tmp\Ad-AwareInstallation.exe
C:\Documents and Settings\TROCME ALAIN\Bureau\Nouveau dossier\Installés\HiJackThis.exe
C:\WINDOWS\System32\msiexec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.packardbell.fr/center
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {d08b4860-8557-4c3a-8f6e-000979231650} - c:\windows\system32\iwhhkft.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [32365] C:\edkkf.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [icf] C:\WINDOWS\System32:svchost.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{29DE82C9-85B6-4EDC-966C-8F39811E4759}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E317C6C-FB21-4E52-85AA-79516B0D83CE}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{29DE82C9-85B6-4EDC-966C-8F39811E4759}: NameServer = 213.174.139.72,192.168.1.1
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: fahzyxsx - C:\WINDOWS\SYSTEM32\iwhhkft.dll
O20 - Winlogon Notify: vgzhawe - vgzhawe.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\System32\afisicx.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: sofatnet Service (sofatnet) - Unknown owner - C:\WINDOWS\System32\sofatnet.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\System32\tdctxte.exe (file missing)
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Windows Hosts Controller (windows hosts controller) - Unknown owner - C:\WINDOWS\Fonts\uninstall_.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9113 bytes
Configuration: Windows XP Internet Explorer 6.0

7 replies

  1. Anonymous user
     
    Hello
    This is not good at all
    O4 - HKLM\..\Run: [32365] C:\edkkf.exe
    O4 - HKUS\.DEFAULT\..\Run: [icf] C:\WINDOWS\System32:svchost.exe (User 'Default user')
    O20 - Winlogon Notify: fahzyxsx - C:\WINDOWS\SYSTEM32\iwhhkft.dll
    O20 - Winlogon Notify: vgzhawe - vgzhawe.dll (file missing)
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\System32\tdctxte.exe (file missing) ????


    Download Malwarebytes' Anti-Malware
    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
    Save it to the desktop
    Double-click the Download_mbam-setup.exe icon to start the installation process
    If the firewall asks for permission for Malwarebytes to connect, accept
    It will update itself; once that is done
    Go to the Scanner tab
    Select Perform full scan
    Click Scan
    The scan starts
    At the end of the scan, this message is displayed: The scan completed successfully.
    Click Show Results to display the objects found
    Click OK to continue
    If malware was detected, click Show Results
    Select everything (or leave it checked)
    Click Remove Selected
    Malwarebytes will destroy the files and registry keys and put a
    copy of them in quarantine
    Malwarebytes will open Notepad and copy the report into it
    Restart the PC
    Once it has restarted, double-click Malwarebytes
    Go to the report/log tab
    Click on it to display it; once it is displayed, click Edit at the top of
    Notepad, then Select All
    Go back to Edit, then Copy, and come back to the forum and into your reply
    Right-click in the reply box and paste
    0
  2. Anonymous user
     
    It's stuck
    0
    1. aymeu
       
      OK thanks, I'll do it, but I've started a scan with Spybot and a-squared Free 4.5
      0
      1. Anonymous user > aymeu
         
        Leave Spybot and a-squared aside; you should disable them instead, they won't remove the infection you have
        0
      2. aymeu > Anonymous user
         
        OK, I'm running it
        0
      3. aymeu > aymeu
         
        The installation crashes
        0
  3. Anonymous user
     
    I'll be back this evening around 21:00, as I have to leave
    0
    1. aymeu
       
      OK thanks, cool
      0
  5. Anonymous user
     
    I don't see your reply
    0
    1. aymeu
       
      Scan finished

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 3060
      Windows 5.1.2600 Service Pack 1

      30/10/2009 18:25:56
      mbam-log-2009-10-30 (18-25-33).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 216886
      Temps écoulé: 1 hour(s), 44 minute(s), 48 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 28
      Valeur(s) du Registre infectée(s): 15
      Elément(s) de données du Registre infecté(s): 25
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 45

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fahzyxsx (Trojan.Vundo.H) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows hosts controller (Worm.Archive) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\at1394 (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdctxte (Rootkit.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      c:\WINDOWS\system32\iwhhkft.dll (Trojan.Vundo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_navps.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_nav.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.exe (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_navps.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_nav.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.exe (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_navps.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_nav.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.dat (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.exe (Adware.Navipromo.H) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[1].bin (Trojan.Downloader) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[2].bin (Trojan.Downloader) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[1].bin (Trojan.Downloader) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[2].bin (Trojan.Agent) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[1].bin (Trojan.Downloader) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[2].bin (Trojan.Downloader) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[3].bin (Trojan.Downloader) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[4].bin (Trojan.Downloader) -> No action taken.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R5R3KC7A\w[1].bin (Trojan.Downloader) -> No action taken.
      C:\mp3.exe (Worm.AutoRun) -> No action taken.
      C:\WINDOWS\System32:svchost.exe (Rootkit.ADS) -> No action taken.
      C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> No action taken.
      C:\WINDOWS\system32\at1394.sys (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> No action taken.
      C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
      C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> No action taken.
      C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\567788.bat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\ld11.exe (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> No action taken.
      C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> No action taken.
      0
      1. aymeu > aymeu
         
        After removal


        Malwarebytes' Anti-Malware 1.41
        Version de la base de données: 3060
        Windows 5.1.2600 Service Pack 1

        30/10/2009 18:29:59
        mbam-log-2009-10-30 (18-29-59).txt

        Type de recherche: Examen complet (C:\|)
        Eléments examinés: 216886
        Temps écoulé: 1 hour(s), 44 minute(s), 48 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 0
        Clé(s) du Registre infectée(s): 28
        Valeur(s) du Registre infectée(s): 15
        Elément(s) de données du Registre infecté(s): 25
        Dossier(s) infecté(s): 0
        Fichier(s) infecté(s): 45

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fahzyxsx (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\at1394 (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdctxte (Rootkit.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> Quarantined and deleted successfully.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.

        Dossier(s) infecté(s):
        (Aucun élément nuisible détecté)

        Fichier(s) infecté(s):
        c:\WINDOWS\system32\iwhhkft.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[2].bin (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[3].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[4].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R5R3KC7A\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\mp3.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
        C:\WINDOWS\System32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\at1394.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
        C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\567788.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\ld11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
  6. toptitbal (Security contributor)
     
    Whoa!
    Good luck, nathandre :-)
    1. aymeu
       
      I deleted the infected files, restarted my PC, and now nothing shows up on the desktop rrrrrrrrrrrrrrrrrrrrrrrrrrrr

      Help .....................................
      1. Anonymous user > aymeu
         
        It's explorer that has stopped.
        Press Ctrl+Alt+Del, select Task Manager, go to the Processes tab,
        click File, then New Task.
        Type explorer, then confirm.
  7. Anonymous user
     
    I hadn't noticed that you didn't have an antivirus; no wonder your PC is a breeding ground for pests. You're going to have to install an antivirus.
    1. aymeu
       
      It's not my PC; I've just made the fixes.

      Explorer has been gone since the viruses were removed. What should I do?
      1. Anonymous user > aymeu
         
        You would need to go to another PC, go into the Windows folder, copy the explorer.exe file, then put it back on your PC in the Windows folder.