Sujet Précédent Sujet Suivant

Grosse infection

Résolu
juliensan -  
cedric241 Messages postés 3380 Statut Membre -
Bonjour,

mon PC est infecté depuis quelque temps et j'ai découvert sur votre forum qu'on pouvait faire lire et analyser un rapport Hijack.
Est-il possible de m'aider sachant que je suis un néophyte complet et que je ne pourrais pas comprendre sans pédagogie et patience.

Merci

28 réponses

  • 1
  • 2
Réponse 1 / 28
MisterDidi
 
Alors télécharge Hijackthis (http://download.hijackthis.eu/hijackthis_199.zip
Extrait le zip dans un dossier. Execute le programme avec le mode qui sauve un log. Ouvre le Log et copie le dans cette page web
http://www.hijackthis.de/fr

Si ce site trouve rien met ton log sur le forum.
1
Réponse 2 / 28
MisterDidi
 
Tu as plein de merde
Met ton log dans le site: http://www.hijackthis.de/fr
1
Réponse 3 / 28
jeyteck Messages postés 194 Statut Membre 15
 
tu est sur l'ordinateur infecté la ?? si oui va sur www.telecharger.com et cherche un antivirus et lance une analyse sinon fais pareille mais redémarre en mode sans échec f8 au démarrage
0
Réponse 4 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
salut telecharge et isntal hijackthis sur ce lien :

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

puis ouvre le et clic sur do a system scan and save a logfile

puis copie colle le rapport du bloc note dans ta prochaine réponse
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 28
jeyteck Messages postés 194 Statut Membre 15
 
elle est bonne aussi ma réponse :s mdr
0
Réponse 6 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
Désolé quand j ai posté y avait pas de réponses

on a du envoyer en meme temps lol
0
Réponse 7 / 28
jeyteck Messages postés 194 Statut Membre 15
 
oui je sait lol pas grave
0
Réponse 8 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
jeyteck a l avenir donne des lien qui fonctionne et direct

de plus tu lui propose de telecharger un AV sans savoir si il en a un et lequel .....................

je pense que tu peux mieux faire non ??
0
Réponse 9 / 28
jeyteck Messages postés 194 Statut Membre 15
 
si si desoler j'aurais du demander avant
0
Réponse 10 / 28
juliensan
 
Merci de votre intéret, voici le Log (ç'est coome ça qu'on dit je crois)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:12, on 09/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\braviax.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ssenzy\Bureau\test.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\DOCUME~1\Ssenzy\LOCALS~1\Temp\ac8zt2\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA817DCC-F7D2-44D2-BDB6-D99B25B38613}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: wlctrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: bokpkov - {2681DB94-6BAC-4722-8790-19BCC9C61D54} - C:\WINDOWS\bokpkov.dll (file missing)
O21 - SSODL: altvxvm - {2578C9B9-8161-4377-BAD5-FEAB6F376E20} - C:\WINDOWS\altvxvm.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Réponse 11 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
fais ça :

telecharge et instal btfix sur ce lien :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/40698.html

puis lance la recherche et supprime

poste moi le rapport s il te plait
0
juliensan
 
Merci cédric de t'intéresser à mon problème, je fais ce que tu me dis.
0
Réponse 12 / 28
MisterDidi
 
Tu as 17 éléments dangeureux
0
Réponse 13 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
ok juliensan

j attend le rapport
0
Réponse 14 / 28
MisterDidi
 
C koi ce bug ke kan je poste il y a aucune réponse et que 10 minutes plus tard il y a des réponses intercalées ?
0
juliensan
 
Si je met mon jog ou tu me dis, qu'est ce que ça va faire
0
Réponse 15 / 28
juliensan
 
Btfix s'ouvre dans izarc et je n'arrive pas à l'utiliser
0
Réponse 16 / 28
MisterDidi Messages postés 42 Statut Membre 2
 
Pk tu fais pas ce que je te dit ???
0
Réponse 17 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
ok laisse tomber fais ça a la place :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
juliensan
 
Ce que tu m'as dit de faire est en cours, et je dois dire que j'apprécie ta clart' et ta précision
0
juliensan
 
J'ai suivi l'ordre de ce que tu m'as dit et je ne vois plus le rapport...
0
juliensan
 
En fait j'ai vu le rapport avant de redémarrer et maintenant je ne le vois plus
0
Réponse 18 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
pour misterdidi

qu est ce que tu veux faire ?

lui faire supprimer les lignes infecté ??

ça ne supprimera pas l infection ...............
0
Réponse 19 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
clic sur rapport/log

il est la
0
juliensan
 
Effectivement,

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 603

Type de recherche: Examen complet (C:\|)
Eléments examinés: 69640
Temps écoulé: 21 minute(s), 37 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 45
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 78

Processus mémoire infecté(s):
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{ffffffff-f538-4f86-abaf-e9d94d5c007c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msram.tchongabho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b3a00219-19d4-4966-aecd-8ed34ab9ef7a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spyshredder.webinstall (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spyshredder.webinstall.1 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{864c6115-9fb8-46f9-9e8c-157f4f6fcca3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\etlrlws.bnfx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\etlrlws.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd858878-29e2-4129-831c-06a61c344e15} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{66d31a70-9e07-41cd-9482-2f819b9be7cb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8edd9c3f-7aab-4a50-9f7e-2de6f3e293c7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{04e35bad-037c-4287-a819-359d7b178d8d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e926522d-eaf3-4100-b2ee-d16c7409f261} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d6e34d79-6cee-4cb0-885a-70f79e31b87e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d2436533-33f9-495c-9cd9-daf21e67ffeb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c03fd59d-9104-44b7-929a-9eaa0ba05211} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a3d609a-43b8-4406-b793-84f244246325} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\riode32 (Rootkit.Srizbi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msram.TCHONGABHO (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.bnfx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{fd858878-29e2-4129-831c-06a61c344e15} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\altvxvm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bokpkov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.

Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\mxuxc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JSGD0OZU\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UZ8VKNAR\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\429E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\desktop_background.zip (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\rasesnet.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\winvsnet.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temporary Internet Files\Content.IE5\8ZIV2LI1\mzznre[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temporary Internet Files\Content.IE5\AB8RMPWB\Installer2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temporary Internet Files\Content.IE5\OZ2ZEXID\plmzrevwn[1].txt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP124\A0059836.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP130\A0060942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0060953.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0061010.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0061012.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E5C442A-6AF2-47D6-9E0D-F330AA768446}\RP131\A0061014.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4D6R8HUF\ddos[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CL23GPA7\hiiaar[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iDlo01\iDlo011065.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN14.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN15.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN17.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN19.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN21.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN23.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BND.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\flciijjq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\werasqlp.cur (Rootkit.Rustok) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\zalpqbj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz37.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\syssslw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\Temp\304bf0fhpbf0f0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\snapsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ssenzy\Local Settings\Temp\wavvsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 20 / 28
cedric241 Messages postés 3380 Statut Membre 119
 
ouvre malawarebyte

va sur rapport/log

ouvre le/les rapport

fais copier/coller

poste les
0

Discussions similaires

Grosse infection de spyware
sevete60 -
sevete60 -

13 réponses
infection
gladiator1952 -
gladiator1952 -

6 réponses
Infection pc
Nanie24 -
Nanie24 -

22 réponses
[pnkbstra]infection
swazolie -
billou631 -

9 réponses
infection virus
Utilisateur anonyme -
Utilisateur anonyme -

3 réponses