Virus spyware soft?

Closed
zeus42 - 10 June 2010 at 14:39
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 - 10 June 2010 at 14:46
Hello,

For the past two or three days I've had some nasty junk on my machine: it's a fake antivirus that blocks all my software, and there's no way to get rid of it.
So I came to your forum and scanned the computer with Malwarebytes.

My antivirus, Antivir, detected nothing! I'm even thinking of going back to Avast. But then, SpywareBlaster didn't see anything either!
Would some kind soul take a look at the report, please?

2 replies

Report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4185

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

10/06/2010 14:43:38
mbam-log-2010-06-10 (14-43-38).txt

Type d'examen: Examen complet (C:\|E:\|F:\|G:\|H:\|I:\|)
Elément(s) analysé(s): 266081
Temps écoulé: 1 heure(s), 40 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
C:\Users\Michel\AppData\Local\kcsrpoxxx\ijylcaotssd.exe (Malware.Gen) -> Unloaded process successfully.
C:\Users\Public\msnl.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qmtjxfbu (Malware.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Michel\Local Settings\Application Data\cyyoi_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\cyyoi_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\cyyoi.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\ecyeayw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\ecyeayw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\ecyeayw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\mwqkawu_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\mwqkawu_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\mwqkawu.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\kcsrpoxxx\ijylcaotssd.exe (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Public\msnl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IBI7N5G\pic[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTBJ98R3\photo-2010-05-30-jpg[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IONGXQBG\photo-2010-05-30-jpg[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JHDAFGBS\photo-2010-05-30-jpg[2].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Temp\amv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Temp\qubjcfnu.exe (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Temp\sluqu.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\AppData\Local\Temp\uhq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\rwbmaua_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Michel\Local Settings\Application Data\yiwwqew_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 634
Edited by Malekal_morte- on 10/06/2010 at 14:50
Hi,

EDIT: oops, I misread :)


Well, Malwarebytes did the job, didn't it?

If need be, do this:


* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, you need to right-click OTL and choose Run as administrator)

* Under Custom Scans/Fixes, copy and paste what is in the box below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button.
* When the scan is finished, use the site http://www.cijoint.fr/ to give me the two reports: OTL.Txt and Extras.Txt.


Them crooked vultures this evening :D
0