Pc rame
patoch
-
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
Bonjour,
voila mon scan merci de l'etudier ?
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3174
Windows 5.1.2600 Service Pack 3
15/11/2009 14:20:22
mbam-log-2009-11-15 (14-20-22).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|J:\|)
Eléments examinés: 204917
Temps écoulé: 54 minute(s), 30 second(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 17
Processus mémoire infecté(s):
C:\documents and settings\patrick\local settings\application data\yefkv.exe (Adware.Navipromo.H) -> Unloaded process successfully.
C:\Program Files\Kwanzy\kwanzy.exe (Adware.Kwanzy) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy125.exe (Adware.Kwanzy) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\Kwanzy\kwanzy.dll (Adware.Kwanzy) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61663dd7-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61663dd7-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61663dd7-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kwanzy Service (Adware.Kwanzy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yefkv (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy (Adware.Kwanzy) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3f78.dll (Adware.Mirar) -> Delete on reboot.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\WhereSphere\config.cfg (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy\kwanzy.dll (Adware.Kwanzy) -> Delete on reboot.
C:\Program Files\Kwanzy\kwanzy.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy\uninstall.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy125.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
voila mon scan merci de l'etudier ?
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3174
Windows 5.1.2600 Service Pack 3
15/11/2009 14:20:22
mbam-log-2009-11-15 (14-20-22).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|J:\|)
Eléments examinés: 204917
Temps écoulé: 54 minute(s), 30 second(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 17
Processus mémoire infecté(s):
C:\documents and settings\patrick\local settings\application data\yefkv.exe (Adware.Navipromo.H) -> Unloaded process successfully.
C:\Program Files\Kwanzy\kwanzy.exe (Adware.Kwanzy) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy125.exe (Adware.Kwanzy) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\Kwanzy\kwanzy.dll (Adware.Kwanzy) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61663dd7-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61663dd7-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61663dd7-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kwanzy Service (Adware.Kwanzy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yefkv (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{61663dd6-ec61-4ef1-af68-cd6a70d14fcf} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy (Adware.Kwanzy) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Local Settings\Application Data\yefkv.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\crhvla.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3f78.dll (Adware.Mirar) -> Delete on reboot.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\patrick\Application Data\WhereSphere\config.cfg (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy\kwanzy.dll (Adware.Kwanzy) -> Delete on reboot.
C:\Program Files\Kwanzy\kwanzy.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy\uninstall.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Kwanzy\kwanzy125.exe (Adware.Kwanzy) -> Quarantined and deleted successfully.
A voir également:
- Pc rame
- Pc qui rame - Guide
- Reinitialiser pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Forcer demarrage pc - Guide
- Double ecran pc - Guide
1 réponse
bonjour, vu ce que malwarbytes à trouvé tu passeras navilog option 1, tu postes le rapport suivi d'un RSIT pourvoir si rien d'autre sur le pc , Merci
1) pour navilog option 1
Télécharge Navilog1 (par IL-MAFIOSO) sur ton bureau
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistre la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, double clique sur le raccourci Navilog1 présent sur le bureau.
Laisse-toi guider. Appuie sur une touche quand on te le demande.
Au menu principal, choisis 1 et valide.
< Ne fais pas le choix 2 >
Patiente le temps du scan. Il te sera peut-être demandé de redémarrer ton PC.
Laisse l'outil le faire automatiquement, sinon redémarre ton PC normalement s'il te le demande.
Patiente jusqu'au message "Scan terminé le......"
Appuie sur une touche comme demandé ; le bloc-notes va s'ouvrir.
Copie-colle l'intégralité dans ta réponse. Referme le bloc-notes.
PS : le rapport est, aussi, sauvegardé à la racine du disque dur C:\cleannavi.txt
tuto : https://kerio.probb.fr/t3324-tuto-navilog
2) postes les rapports log.txt et info.txt de RSIT
• Télécharge Random's System Information Tool (RSIT) de Random/Random, et enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l'outil.
* laisses le chois 1 month
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp
ps:Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
Tutoriel pour t'aider
si le rapport ne passe pas sur le forum à cause de sa longeur envoie-le sur : http://www.cijoint.fr/ ,
fais parcourir , sélecctionnes le rapport log.txt en double cliquand dessus
puis envoie le fichier.
un lien bleu de cette forme va apparaitre :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
renvoie le lien tout frais dans ta prochaine reponse .
1) pour navilog option 1
Télécharge Navilog1 (par IL-MAFIOSO) sur ton bureau
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistre la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, double clique sur le raccourci Navilog1 présent sur le bureau.
Laisse-toi guider. Appuie sur une touche quand on te le demande.
Au menu principal, choisis 1 et valide.
< Ne fais pas le choix 2 >
Patiente le temps du scan. Il te sera peut-être demandé de redémarrer ton PC.
Laisse l'outil le faire automatiquement, sinon redémarre ton PC normalement s'il te le demande.
Patiente jusqu'au message "Scan terminé le......"
Appuie sur une touche comme demandé ; le bloc-notes va s'ouvrir.
Copie-colle l'intégralité dans ta réponse. Referme le bloc-notes.
PS : le rapport est, aussi, sauvegardé à la racine du disque dur C:\cleannavi.txt
tuto : https://kerio.probb.fr/t3324-tuto-navilog
2) postes les rapports log.txt et info.txt de RSIT
• Télécharge Random's System Information Tool (RSIT) de Random/Random, et enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l'outil.
* laisses le chois 1 month
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp
ps:Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
Tutoriel pour t'aider
si le rapport ne passe pas sur le forum à cause de sa longeur envoie-le sur : http://www.cijoint.fr/ ,
fais parcourir , sélecctionnes le rapport log.txt en double cliquand dessus
puis envoie le fichier.
un lien bleu de cette forme va apparaitre :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
renvoie le lien tout frais dans ta prochaine reponse .
