Grosse infection

Résolu
juliensan -  
cedric241 Messages postés 3380 Statut Membre -
Bonjour,

mon PC est infecté depuis quelque temps et j'ai découvert sur votre forum qu'on pouvait faire lire et analyser un rapport Hijack.
Est-il possible de m'aider sachant que je suis un néophyte complet et que je ne pourrais pas comprendre sans pédagogie et patience.

Merci
Configuration: Windows XP
Internet Explorer 6.0

28 réponses

  • 1
  • 2
Résumé de la discussion

Infection détectée sur un PC sous Windows XP avec Internet Explorer 6, et la discussion porte sur l’analyse d’un rapport HijackThis pour comprendre les éléments suspects et obtenir de l’aide pédagogique.
Plusieurs intervenants proposent d’utiliser HijackThis en mode log, puis de copier le log sur des plateformes en ligne comme HijackThis.de/fr pour identifier les éléments indésirables et, le cas échéant, poster le rapport.
D’autres réponses évoquent des démarches complémentaires ou alternatives, notamment l’emploi d’un antispyware comme Malwarebytes, et la nécessité de redémarrer ou de sauvegarder le rapport pour faciliter l’analyse.
Certaines interventions montrent que l’interprétation du log peut être technique et que partager le fichier complet aide à éviter les interprétations erronées et à cibler rapidement les éléments malveillants.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. MisterDidi
     
    Alors télécharge Hijackthis (http://download.hijackthis.eu/hijackthis_199.zip
    Extrait le zip dans un dossier. Execute le programme avec le mode qui sauve un log. Ouvre le Log et copie le dans cette page web
    http://www.hijackthis.de/fr

    Si ce site trouve rien met ton log sur le forum.
    1
  2. MisterDidi
     
    Tu as plein de merde
    Met ton log dans le site: http://www.hijackthis.de/fr
    1
  3. jeyteck Messages postés 194 Statut Membre 15
     
    tu est sur l'ordinateur infecté la ?? si oui va sur www.telecharger.com et cherche un antivirus et lance une analyse sinon fais pareille mais redémarre en mode sans échec f8 au démarrage
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. jeyteck Messages postés 194 Statut Membre 15
     
    elle est bonne aussi ma réponse :s mdr
    0
  6. cedric241 Messages postés 3380 Statut Membre 119
     
    Désolé quand j ai posté y avait pas de réponses

    on a du envoyer en meme temps lol
    0
  7. jeyteck Messages postés 194 Statut Membre 15
     
    oui je sait lol pas grave
    0
  8. cedric241 Messages postés 3380 Statut Membre 119
     
    jeyteck a l avenir donne des lien qui fonctionne et direct

    de plus tu lui propose de telecharger un AV sans savoir si il en a un et lequel .....................

    je pense que tu peux mieux faire non ??
    0
  9. jeyteck Messages postés 194 Statut Membre 15
     
    si si desoler j'aurais du demander avant
    0
  10. juliensan
     
    Merci de votre intéret, voici le Log (ç'est coome ça qu'on dit je crois)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:15:12, on 09/04/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\braviax.exe
    C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Ssenzy\Bureau\test.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\DOCUME~1\Ssenzy\LOCALS~1\Temp\ac8zt2\etlrlws.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe
    O4 - HKCU\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA817DCC-F7D2-44D2-BDB6-D99B25B38613}: NameServer = 85.255.116.164,85.255.112.81
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
    O20 - Winlogon Notify: wlctrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O21 - SSODL: bokpkov - {2681DB94-6BAC-4722-8790-19BCC9C61D54} - C:\WINDOWS\bokpkov.dll (file missing)
    O21 - SSODL: altvxvm - {2578C9B9-8161-4377-BAD5-FEAB6F376E20} - C:\WINDOWS\altvxvm.dll (file missing)
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  11. cedric241 Messages postés 3380 Statut Membre 119
     
    ok juliensan

    j attend le rapport
    0
  12. MisterDidi
     
    C koi ce bug ke kan je poste il y a aucune réponse et que 10 minutes plus tard il y a des réponses intercalées ?
    0
    1. juliensan
       
      Si je met mon jog ou tu me dis, qu'est ce que ça va faire
      0
  13. juliensan
     
    Btfix s'ouvre dans izarc et je n'arrive pas à l'utiliser
    0
  14. MisterDidi Messages postés 42 Statut Membre 2
     
    Pk tu fais pas ce que je te dit ???
    0
  15. cedric241 Messages postés 3380 Statut Membre 119
     
    ok laisse tomber fais ça a la place :

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.
    0
    1. juliensan
       
      Ce que tu m'as dit de faire est en cours, et je dois dire que j'apprécie ta clart' et ta précision
      0
    2. juliensan
       
      J'ai suivi l'ordre de ce que tu m'as dit et je ne vois plus le rapport...
      0
    3. juliensan
       
      En fait j'ai vu le rapport avant de redémarrer et maintenant je ne le vois plus
      0
  16. cedric241 Messages postés 3380 Statut Membre 119
     
    pour misterdidi

    qu est ce que tu veux faire ?

    lui faire supprimer les lignes infecté ??

    ça ne supprimera pas l infection ...............
    0
  17. cedric241 Messages postés 3380 Statut Membre 119
     
    clic sur rapport/log

    il est la
    0
    1. juliensan
       
      Effectivement,

      Malwarebytes' Anti-Malware 1.11
      Version de la base de données: 603

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 69640
      Temps écoulé: 21 minute(s), 37 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 45
      Valeur(s) du Registre infectée(s): 8
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 8
      Fichier(s) infecté(s): 78

      Processus mémoire infecté(s):
      C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{ffffffff-f538-4f86-abaf-e9d94d5c007c} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\msram.tchongabho (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{b3a00219-19d4-4966-aecd-8ed34ab9ef7a} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\spyshredder.webinstall (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\spyshredder.webinstall.1 (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{864c6115-9fb8-46f9-9e8c-157f4f6fcca3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\etlrlws.bnfx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\etlrlws.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{fd858878-29e2-4129-831c-06a61c344e15} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{66d31a70-9e07-41cd-9482-2f819b9be7cb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{8edd9c3f-7aab-4a50-9f7e-2de6f3e293c7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{04e35bad-037c-4287-a819-359d7b178d8d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e926522d-eaf3-4100-b2ee-d16c7409f261} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{d6e34d79-6cee-4cb0-885a-70f79e31b87e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{d2436533-33f9-495c-9cd9-daf21e67ffeb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c03fd59d-9104-44b7-929a-9eaa0ba05211} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\{4a3d609a-43b8-4406-b793-84f244246325} (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\riode32 (Rootkit.Srizbi) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msram.TCHONGABHO (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.bnfx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{fd858878-29e2-4129-831c-06a61c344e15} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\altvxvm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bokpkov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> Delete on reboot.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.

      Dossier(s) infecté(s):
      C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
      C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802 (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\mxuxc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JSGD0OZU\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UZ8VKNAR\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\429E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\desktop_background.zip (Trojan.Fakealert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\rasesnet.exe (Rogue.Installer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\winvsnet.exe (Rogue.Installer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temporary Internet Files\Content.IE5\8ZIV2LI1\mzznre[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temporary Internet Files\Content.IE5\AB8RMPWB\Installer2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temporary Internet Files\Content.IE5\OZ2ZEXID\plmzrevwn[1].txt (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP124\A0059836.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP130\A0060942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0060953.old (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0061010.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0061012.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0061014.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4D6R8HUF\ddos[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CL23GPA7\hiiaar[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\iDlo01\iDlo011065.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN14.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN15.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN17.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN19.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN1B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN1F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN21.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN23.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BN8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BNA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BNB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BND.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\BNF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\flciijjq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\Cursors\werasqlp.cur (Rootkit.Rustok) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\zalpqbj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\winpfz37.sys (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
      C:\syssslw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
      C:\WINDOWS\Temp\304bf0fhpbf0f0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\snapsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Ssenzy\Local Settings\Temp\wavvsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      0
  18. cedric241 Messages postés 3380 Statut Membre 119
     
    ouvre malawarebyte

    va sur rapport/log

    ouvre le/les rapport

    fais copier/coller

    poste les
    0
  • 1
  • 2