7 replies
Hello
This is not good at all
O4 - HKLM\..\Run: [32365] C:\edkkf.exe
O4 - HKUS\.DEFAULT\..\Run: [icf] C:\WINDOWS\System32:svchost.exe (User 'Default user')
O20 - Winlogon Notify: fahzyxsx - C:\WINDOWS\SYSTEM32\iwhhkft.dll
O20 - Winlogon Notify: vgzhawe - vgzhawe.dll (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\System32\tdctxte.exe (file missing) ????
Download Malwarebytes' Anti-Malware
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Save it to the desktop
Double-click the Download_mbam-setup.exe icon to start the installation process
If the firewall asks for permission to let Malwarebytes connect, accept
It will update itself once that is done
Go to the Scan tab
Select Perform a full scan
Click Scan
The scan starts
At the end of the scan, this message is displayed: The scan completed normally.
Click Show results to display the objects found
Click OK to continue
If malware was detected, click Show results
Select all (or leave everything checked)
Click Remove selected
Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine
Malwarebytes will open Notepad and copy the report into it
Restart the PC
Once it has restarted, double-click Malwarebytes
Go to the Report/Logs tab
Click the report to display it; once it is displayed, click Edit at the top of Notepad, then Select All
Go back to Edit, then Copy, and come back to the forum and into your reply
Right-click in the reply box and paste
It's stuck
I don't see your reply
Scan finished
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3060
Windows 5.1.2600 Service Pack 1
30/10/2009 18:25:56
mbam-log-2009-10-30 (18-25-33).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 216886
Temps écoulé: 1 hour(s), 44 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 15
Elément(s) de données du Registre infecté(s): 25
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 45
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fahzyxsx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\at1394 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdctxte (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\iwhhkft.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.exe (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[2].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[2].bin (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[1].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[2].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[3].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[4].bin (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R5R3KC7A\w[1].bin (Trojan.Downloader) -> No action taken.
C:\mp3.exe (Worm.AutoRun) -> No action taken.
C:\WINDOWS\System32:svchost.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\at1394.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ld11.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> No action taken.
After removal
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3060
Windows 5.1.2600 Service Pack 1
30/10/2009 18:29:59
mbam-log-2009-10-30 (18-29-59).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 216886
Temps écoulé: 1 hour(s), 44 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 15
Elément(s) de données du Registre infecté(s): 25
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 45
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fahzyxsx (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d08b4860-8557-4c3a-8f6e-000979231650} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\at1394 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdctxte (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{29de82c9-85b6-4edc-966c-8f39811e4759}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58ebdcd0-65e2-43a1-8920-017e49f61eaa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7e317c6c-fb21-4e52-85aa-79516b0d83ce}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e537b837-7b2e-4791-9e27-b250234a5678}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f40f0325-e264-4190-8b25-6b2c7d0afe01}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\iwhhkft.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\bxfcidkhnk.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\Local Settings\Application Data\khebe.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\TRABELSI ZOHRA\Local Settings\Application Data\sigiwcy.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\12O7Z9VW\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89DZFGH0\w[2].bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[3].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7QX7N9G\w[4].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R5R3KC7A\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\mp3.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\System32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\at1394.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ld11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Documents and Settings\SEGHAIR WASSIM\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy46.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ld11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122570.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122597.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122689.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro123290.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro123652.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
toptitbal
30 Oct. 2009 at 18:33
Whoa!
Good luck, nathandre :-)
I hadn't noticed that you had no antivirus; no wonder your PC is a breeding ground for pests. You're going to have to install an antivirus.