Zhpdiag ->gen hackman..

Solved
zanu
Hello gen hackman,

here is my ZHPDiag report from a sick machine. Thanks for your help.

http://www.cijoint.fr/cjlink.php?file=cj201104/cijUXMqhwy.txt



71 replies

zanu

http://www.cijoint.fr/cjlink.php?file=cj201104/cij4kPTOKT.txt

Anonymous user

▶ Download here: USBFIX to your desktop

Plug in all your devices without opening them

/!\ Temporarily disable, and only for the time USBFIX is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."


on the UsbFix icon located on your desktop.
On the page, click the button:

▶ Choose the "Suppression" (deletion) option

▶ UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear with the desktop.

▶ Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

zanu

############################## | UsbFix 7.027 | [Suppression]

Utilisateur: Administrateur (Administrateur) # SDRP-SRAPT-1 [ ]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 15:39:47 | 15/04/2011
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 2: Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Antivirus: AVG Anti-Virus Free Edition 2011 10.0 [Enabled | Updated]
RAM -> 446 Mo
C:\ (%systemdrive%) -> Disque fixe # 49 Go (28 Go libre(s) - 57%) [] # NTFS
D:\ -> CD-ROM
G:\ -> Disque fixe # 26 Go (25 Go libre(s) - 100%) [datas] # NTFS

################## | Éléments infectieux |


Supprimé! C:\WINDOWS\system32\com.run
Supprimé! C:\WINDOWS\system32\dp1.fne
Supprimé! C:\WINDOWS\system32\eAPI.fne
Supprimé! C:\WINDOWS\system32\internet.fne
Supprimé! C:\WINDOWS\system32\krnln.fnr
Supprimé! C:\WINDOWS\system32\og.dll
Supprimé! C:\WINDOWS\system32\og.edt
Supprimé! C:\WINDOWS\system32\shell.fne
Supprimé! C:\WINDOWS\system32\spec.fne
Supprimé! C:\WINDOWS\system32\ul.dll
Supprimé! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\C
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{05037378-4574-11e0-91ea-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{1ad8628a-4a25-11dc-b9bd-806d6172696f}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{1f16a141-65d9-11e0-84d4-806d6172696f}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{258da340-8d6b-11de-8f39-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3aab47a0-3b79-11e0-91e4-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3c402fd2-e620-11de-8faa-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{783a5f49-feb4-11df-9186-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{bb51a991-5f5b-11e0-9216-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{f86fe853-4e92-11de-8ee4-0019db2e6fa4}

################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

Anonymous user

Where does this UsbFix come from?

zanu

It's an old one I had on the machine; yours won't run.

Anonymous user

Explain, be specific

yours won't run.

zanu

OK, I downloaded it again, it's fine, here it is

############################## | UsbFix 7.043 | [Suppression]

Utilisateur: Administrateur (Administrateur) # SDRP-SRAPT-1 [ ]
Mis à jour le 12/04/2011 par TeamXscript
Lancé à 16:23:49 | 15/04/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 2: Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Pare-feu Windows: Activé
Antivirus: AVG Anti-Virus Free Edition 2011 10.0 [Enabled | Updated]
RAM -> 446 Mo
C:\ (%systemdrive%) -> Disque fixe # 49 Go (26 Go libre(s) - 53%) [] # NTFS
D:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 26 Go (25 Go libre(s) - 100%) [datas] # NTFS

################## | Éléments infectieux |


Supprimé! C:\Documents and Settings\Administrateur\Administrateur1
Supprimé! C:\Recycler\S-1-5-21-1476244350-0329512473-796650249-5324
Supprimé! C:\Recycler\S-1-5-21-163273837-1565519680-2310801610-500
Supprimé! C:\Recycler\S-1-5-21-7807284956-6111136276-531088951-2055
Supprimé! G:\Recycler\S-1-5-21-163273837-1565519680-2310801610-500

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\C
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{05037378-4574-11e0-91ea-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{1ad8628a-4a25-11dc-b9bd-806d6172696f}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{1f16a141-65d9-11e0-84d4-806d6172696f}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{258da340-8d6b-11de-8f39-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3aab47a0-3b79-11e0-91e4-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3c402fd2-e620-11de-8faa-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{783a5f49-feb4-11df-9186-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{bb51a991-5f5b-11e0-9216-0019db2e6fa4}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{f86fe853-4e92-11de-8ee4-0019db2e6fa4}

################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_SDRP-SRAPT-1.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |

Anonymous user

Close all windows and applications during installation and scanning.


▶ Download here:

Malwarebytes

▶ Install it (be sure to choose "French"; do not change the installation settings) and update it.

(NB: if you get an error message during installation saying that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:


(that said, it is very easy to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

▶ Launch Malwarebytes.

Run a so-called "Full" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "Results".
Check that all infected objects are ticked, then click "Remove".

Note: if your PC needs to restart to finish the cleanup, do it!


Post the report saved after the infected objects are removed (in the "report/log" tab of Malwarebytes, the most recent one)

zanu

Hello gen,

Please, isn't there a way to get around this Malwarebytes? I've been trying to get a report for three days, nothing. It runs; after 3 hours of scanning it finds 5 infectious items detected, but it doesn't stop running. So in the end I have no report.

zanu

I worked in safe mode, here is the result


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6388

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

20/04/2011 09:40:08
mbam-log-2011-04-20 (09-40-08).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 199816
Temps écoulé: 23 minute(s), 52 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 50
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 41

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TrustWarrior (Rogue.TrustWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXNET (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet (Rootkit.TmpHider) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BD344AF4-67AB-4E19-A630-7435587D320B} (Spyware.OnlineGames) -> Value: {BD344AF4-67AB-4E19-A630-7435587D320B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BD344AF4-67AB-4E19-A630-7435587D320B} (Spyware.OnlineGames) -> Value: {BD344AF4-67AB-4E19-A630-7435587D320B} -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page (Hijack.Homepage) -> Bad: (http://i.-k-f-.j-z-0-3-0-u-u-x-f-1l-3-l-h-w-b-q-z-u-5-n-l-l-m-s-5-v-s-z-g.info/7-7-w-5-m-2-r-1-4-7-1- Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page (Hijack.Homepage) -> Bad: (http://c-y-0-d-2-t-a-b-1-2-f-7-z-s-g-9-o-9-.6-3-t-i-.5-b-e-n-t-f-p-p-7-1-1-0-7-c-q-0-3-00-6-u-7-t-1-n-y-q-u-f-u.info/1-q-3-e-h-8-b-0-9-l-k-u-7-0-5-y-4-i-l-j-d-5-c-v-1-8-h-3-s-3-a-s-s-u-z-1-8-w-0-7-f-e-x-v-b-x-f-5-x-i-5-j-i-2-5-6-2-7-7-c-s-1-q-e-0-1-5-r-r-y-c-2-3-7-3-9-7-h-8-k-2-q-r-9-y-1-e-j-4-4-i-0-g-r-4-b-5-z-j-x-1-f-i-t-o-g-d-h-1-5-8- Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\administrateur\doctorweb\quarantine\U7-F555E.EXE (Trojan.FlyStudi.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\doctorweb\quarantine\W66585.EXE (Trojan.FlyStudi.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\doctorweb\quarantine\W7YU85.EXE (Trojan.FlyStudi.Gen) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\eyruu.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\ji83j.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\vgyn6ewc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cvasds0.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dsoqq.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nodqq.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nodqq0.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\com.run.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\dp1.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\eapi.fne.vir (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\internet.fne.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\krnln.fnr.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\regex.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\shell.fne.vir (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\cnvpe.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\dp1.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eapi.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\htmlview.fne.vir (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\internet.fne.vir (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\com.run.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\dp1.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\eapi.fne.vir (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\internet.fne.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\krnln.fnr.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\shell.fne.vir (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\xp-038885a8.exe.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\WINDOWS\system32\xp-54a800ec.exe.vir (Worm.Autorun) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\E\ji83j.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\RegEx.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\753B13\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\753B13\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\753B13\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\753B13\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\753B13\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\753B13\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\753B13\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

Anonymous user

Run ZHPDiag again so we can see..

zanu

Hello gen,

here is the ZHPDiag link

http://www.cijoint.fr/cjlink.php?file=cj201104/cijZNHHa2S.txt

Anonymous user

You have apparently plugged infected USB sticks back in since then

zanu

I don't know, I have AVG up to date, and besides it scans automatically when a stick is plugged in, and no virus was detected.

Anonymous user

So you have plugged infected ones back in

It is impossible to disinfect your PC, it is too badly used

zanu

I don't see how it could get reinfected since I don't plug them in anywhere else.

zanu

Why doesn't my antivirus block these infections in the case where my hard drive is infected?

Thanks

Anonymous user

Because an antivirus is not reliable

Only the way you use the PC is reliable, as long as you use it securely

zanu

So nothing more can be done for me? :(

Anonymous user

As long as you have 50 people doing whatever they like with the PC, no