Rapport analyse de Mawarebytes' Anti Malware Fermé

Question

Bonjour, 

Après une infection de mon ordinateur par un faux antispame du nom de pest detector j'ai installé malwarebytes' anti malware et après analyse j'ai eu le rapport suivant, qqn pourrait-il m'aider à le déchiffrer? en vous remerciant d'avance:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4780

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

09/10/2010 10:16:30
mbam-log-2010-10-09 (10-16-30).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 337830
Temps écoulé: 13 heure(s), 0 minute(s), 7 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 36
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Users\i2man\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\megaswelladsforyou.megaswelladsforyou (Adware.MegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\megaswelladsforyou.megaswelladsforyou.1 (Adware.MegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ehrclvg (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\i2man\Local Settings\Application Data\ehrclvg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\i2man\Local Settings\Application Data\ehrclvg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\i2man\Local Settings\Application Data\ehrclvg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Backup\i2man\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Local\Temp\lgnwct.exe (Trojan.DOwnloader) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Local\Temp\xwmnoacres.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Local\Temp\~TM5508.tmp (Trojan.DOwnloader) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Local\Temp\~TM6EBF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Local\Temp\yyed.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (Trojan.DOwnloader) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Users\i2man\Documents\Downloads\Speed-Downloading_setup (1).exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\i2man\Documents\Downloads\MyWebFaceSetup2.3.50.56_2.GRman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-08.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\i2man\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\i2man\AppData\Local\Temp\veusll.exe (Trojan.Downloader) -> Quarantined and deleted successfully.












Configuration: Windows Vista / Safari 534.3

jlpjlp · Answer

slt malwarebyte a eu du boulot !!!!

encore des soucis avec ton pc?



pour vérifier:


Télécharge OTL de OLDTimer ici :

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

et enregistre le sur ton Bureau.

Double clic sur OTL.exe pour le lancer.

Coche les 2 cases Lop et Purity

Coche la case devant "scan all users"

Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)


Pour me le transmettre clique sur ce lien :

http://www.cijoint.fr/

Clique sur Parcourir et cherche le fichier ci-dessus.

Clique sur Ouvrir.

Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

est ajouté dans la page.

Copie ce lien dans ta réponse.

benurrr · Answer

salut a vous

Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C.., 
Mais C.. de penser que ­tu es libre...Merci a australe13

argaz01 · Answer

C bon tout remarche parfaitement comme avant!!

argaz01 · Answer

Je viens de lancer le scan comme indiqué par jlpjlp, par contre ça va prendre du temps!!!
je vous tiens au courant les gars, merci

argaz01 · Answer

Voici les gars le fichier du rapport:  http://www.cijoint.fr/cjlink.php?file=cj201010/cij7jrCtLp.txt en vous remerciant d'avance.

jlpjlp · Answer

analyse ce fichier sur virus total et colle le rapport https://www.virustotal.com/gui/

C:\Users\i2man\AppData\Roaming\cacaoweb\cacaoweb.exe


________________

et
colle un rapport de nettoyage avec ad remover

argaz01 · Answer

virustotal.com me signale 7 résultat et la je vien de télécharger ad remover et j'ai lancé le scan, peux-tu me dire commet tu as fait pour identifier le fichier ci-dessus comme étant à problème? c'est juste pour ma culture général, en te remerciant d'avance. C:\Users\i2man\AppData\Roaming\cacaoweb\cacaoweb.exe

argaz01 · Answer

ci-joint le rapport de Ad remover:  http://www.cijoint.fr/cjlink.php?file=cj201010/cijia20FYM.txt

Et merci

jlpjlp · Answer

slt c'est par habitude que j'ai vu ce fichier comme suspect ...


pour ad remover colle un rapport de nettoyage

argaz01 · Answer

Merci jlpjlp, voici le rapport de nettoyage: http://www.cijoint.fr/cjlink.php?file=cj201010/cijHrGJvl5.txt

en te remerciant pour ton aide et le temps consacré à mon problème.

jlpjlp · Answer

remets un rapport OTL tout neuf

tu as supprimé le fichier analysé sur virus total ?

Rapport analyse de Mawarebytes' Anti Malware

11 réponses

Discussions similaires