Help! Antimalware Doctor!
Closed
lud64 - 14 Sept. 2010 at 19:48
jfkpresident (posts: 13408; joined: Monday 3 September 2007; status: Security contributor; last active: 5 January 2015) - 14 Sept. 2010 at 22:14
4 replies
jfkpresident
Posts: 13408
Joined: Monday 3 September 2007
Status: Security contributor
Last active: 5 January 2015
1 175
14 Sept. 2010 at 20:20
Good evening,
Download ComboFix from one of these links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
And, importantly, save it to the desktop.
Before using ComboFix:
* Disconnect from the internet and close the windows of all running programs.
* Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts scanning the PC.
/!\ While this step is running, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt).
* Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.
* Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
My PC is so slow that I can't manage to download anything at all...
Here is the Malwarebytes scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4608
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
13/09/2010 20:06:47
mbam-log-2010-09-13 (20-06-47).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 141342
Temps écoulé: 18 minute(s), 21 seconde(s)
Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 23
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 74
jfkpresident
Posts: 13408
Joined: Monday 3 September 2007
Status: Security contributor
Last active: 5 January 2015
1 175
14 Sept. 2010 at 22:14
Let's just say there's quite a crowd at the gate :)
* Download Rkill (by Grinler) from one of the links below:
Rkill
Rkill
Rkill
Rkill
* Save the file to the desktop.
* Disable your antivirus and/or antispyware.
* Double-click the downloaded rkill file to launch the tool.
On Vista, right-click the downloaded rkill file and choose "Run as administrator" to launch the tool.
* A window with a black background will appear briefly, then disappear.
If nothing happens, or if the tool does not start, download the tool from another of the four links above and try running it again.
Once that is done, try to download and run ComboFix as described in my first post.