Sujet Précédent Sujet Suivant

Probleme trojan downloader .VBS.BL

Decibel -  
 Utilisateur anonyme -
Bonjour,

Voila j'ai un trojan.downloader.BLS.BL et voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:08, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\DOCUME~1\UTILIS~1.UTI\LOCALS~1\Tempboome20.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bitdefender.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KvmSecure.exe] C:\Program Files\KvmSecure\KvmSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chocolateraphotos.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {A66AC08A-ECD9-4031-A058-618E2756705F} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/IconeaX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_v2.1.0.56.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/activeX/SpeedUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: gnowmebk - {17B5CE74-26E1-47FE-8A78-06226E879C41} - C:\WINDOWS\gnowmebk.dll
O21 - SSODL: pxgdslro - {D3E72B6A-030F-4846-BF3E-3C13807A490E} - C:\WINDOWS\pxgdslro.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Merci de m'aider.
A voir également:

23 réponses

  • 1
  • 2
Réponse 1 / 23
Utilisateur anonyme
 
Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
Réponse 2 / 23
Decibel
 
Je suis en train de faire l'analyse mais ca dure longtemps.
0
Réponse 3 / 23
Utilisateur anonyme
 
ça depend de l espace disque
0
Réponse 4 / 23
Decibel
 
Voici le rapport en 2 fois :

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 779

Type de recherche: Examen complet (C:\|)
Eléments examinés: 221289
Temps écoulé: 2 hour(s), 1 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 38
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 37
Fichier(s) infecté(s): 127

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnnkIxW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wqhmigil.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccaBRIc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a89690b-8287-4c2b-93d0-3c03ece88d73} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6a89690b-8287-4c2b-93d0-3c03ece88d73} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3f8febf0-4a50-4420-904c-52b90054223e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a825b3f7-6d09-4e4b-89a3-0dc05c0121fe} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{46633232-ceae-4e9d-a0b7-37dcecbb97c6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9b19a112-5f7e-4549-bdc1-9462ddc7d0b9} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{6a219592-3d06-46a5-b3ff-cbc8eb6fff2b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccabric (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> No action taken.
HKEY_CURRENT_USER\Software\KvmSecure (Rogue.KVMSecure) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d3e72b6a-030f-4846-bf3e-3c13807a490e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0683b6a6-0ff9-4c6c-9240-b71ca010d48f} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0683b6a6-0ff9-4c6c-9240-b71ca010d48f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{17b5ce74-26e1-47fe-8a78-06226e879c41} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e3e0b55c-e276-4141-b903-227d4a5a3234} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gktxaspm.bpew (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gktxaspm.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9474628b (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pxgdslro (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gnowmebk (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> No action taken.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 23
Decibel
 
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnkixw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnkixw

Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> No action taken.
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Free (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\5.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\5.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.
C:\Program Files\WinFixer 2005 (Rogue.WinFixer) -> No action taken.
C:\Program Files\Save (Adware.WhenUSave) -> No action taken.
C:\Program Files\Accoona (Adware.Accoona) -> No action taken.
C:\Program Files\Montorgueil (Diler) -> No action taken.
C:\Program Files\Montorgueil\alize_nue_plage (Diler) -> No action taken.
C:\Program Files\Montorgueil\FanClara (Diler) -> No action taken.
C:\Program Files\Montorgueil\FanParis (Diler) -> No action taken.
C:\Program Files\Montorgueil\FanPriscilla (Diler) -> No action taken.
C:\Program Files\AXVenore (Trojan.Downloader) -> No action taken.
C:\Program Files\PECarlin (Trojan.Downloader) -> No action taken.
C:\Program Files\KvmSecure (Rogue.KVMSecure) -> No action taken.
C:\Program Files\KvmSecure\Infected (Rogue.KVMSecure) -> No action taken.
C:\Program Files\KvmSecure\Suspicious (Rogue.KVMSecure) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\opnnkIxW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\WxIknnpo.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\WxIknnpo.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wqhmigil.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ligimhqw.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccaBRIc.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Local Settings\Temporary Internet Files\Content.IE5\1U8TZSX5\redir[1].dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Local Settings\Temp\dllsvr32.exe.bak (Trojan.FakeAlert) -> No action taken.
C:\Program Files\mIRC\mirc.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163746.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163747.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163748.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163749.dll (Trojan.FalkeAlert) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163750.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163751.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163755.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP552\A0173078.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP553\A0173153.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\elsq.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> No action taken.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> No action taken.
C:\Program Files\DriveCleaner Free\manual.url (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Free\pv.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Free\support.url (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Free\UDC6V.url (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Free\updater.dat (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\MyWebSearch\bar\5.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\5.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\5.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\5.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0001ECFB (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0002454C (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0002AB0B.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00033DA6 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0003EF33 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0004C281 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0004E22E (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0004E73F (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0004E8D6.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0004E9DF.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0004EAE9.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0004EC21.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0005F92C (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\000AD3BA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\000C621A.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\000C6343.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\000C644D.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\005306B3 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0123F12E.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0123F42C.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0123F536.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\006563FE.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> No action taken.
C:\Program Files\Accoona\icon-a.ico (Adware.Accoona) -> No action taken.
C:\Program Files\Accoona\INSTALL1.LOG (Adware.Accoona) -> No action taken.
C:\Program Files\Accoona\quiesce.exe (Adware.Accoona) -> No action taken.
C:\Program Files\Accoona\tbquiesce.exe (Adware.Accoona) -> No action taken.
C:\Program Files\Accoona\UNWISE.EXE (Adware.Accoona) -> No action taken.
C:\Program Files\Montorgueil\14.05048 (Diler) -> No action taken.
C:\Program Files\Montorgueil\alize_nue_plage\alize_nue_plage.ico (Diler) -> No action taken.
C:\Program Files\Montorgueil\FanClara\FanClara.ico (Diler) -> No action taken.
C:\Program Files\Montorgueil\FanParis\FanParis.ico (Diler) -> No action taken.
C:\Program Files\Montorgueil\FanPriscilla\FanPriscilla.ico (Diler) -> No action taken.
C:\Program Files\AXVenore\Uninstall.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\PECarlin\Uninstall.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\KvmSecure\KvmSecure.exe (Rogue.KVMSecure) -> No action taken.
C:\Program Files\KvmSecure\vscan.tsi (Rogue.KVMSecure) -> No action taken.
C:\Program Files\KvmSecure\zlib.dll (Rogue.KVMSecure) -> No action taken.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\nldfmtapndk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\nldfmtapnvb.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\mdtgkswr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\gktxaspm.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Fichiers communs\Yazzle1220OinUninstaller.exe (Adware.PurityScan) -> No action taken.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Application Data\Microsoft\Internet Explorer\Quick Launch\KvmSecure.lnk (Rogue.KVMSecure) -> No action taken.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Local Settings\Tempboome20.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Local Settings\Temp\msprint.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Aurelie\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Aurelie\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Aurelie\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Aurelie\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Aurelie\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Aurelie\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
0
Réponse 6 / 23
Utilisateur anonyme
 
No action taken.

fau supprimer la selection

ensuite envoi le rapport qui le confirme
0
Réponse 7 / 23
Utilisateur anonyme
 
cf post 6
0
Réponse 8 / 23
Decibel
 
Comment je supprime la selection ?
0
Réponse 9 / 23
Utilisateur anonyme
 
IL te le propose a la fin du scan

si t as fermé maleware byte

va falloir recommencer

courage....
0
Réponse 10 / 23
Decibel
 
A oui j'ai tout supprime a la fin quand maleware me l'a demande donc c'est bon. J'ai plus de fenetres intempestives qui s'ouvrent donc je pense que sa a marche !
0
Réponse 11 / 23
Utilisateur anonyme
 
REGARDE dans rapport /log

il doit y avoir un deuxieme rapport

qui confirme la suprression
ensoi le moi
0
Réponse 12 / 23
Decibel
 
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 779

Type de recherche: Examen complet (C:\|)
Eléments examinés: 221289
Temps écoulé: 2 hour(s), 1 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 38
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 37
Fichier(s) infecté(s): 127

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnnkIxW.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wqhmigil.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fccaBRIc.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a89690b-8287-4c2b-93d0-3c03ece88d73} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6a89690b-8287-4c2b-93d0-3c03ece88d73} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{3f8febf0-4a50-4420-904c-52b90054223e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a825b3f7-6d09-4e4b-89a3-0dc05c0121fe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{46633232-ceae-4e9d-a0b7-37dcecbb97c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9b19a112-5f7e-4549-bdc1-9462ddc7d0b9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6a219592-3d06-46a5-b3ff-cbc8eb6fff2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccabric (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\KvmSecure (Rogue.KVMSecure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d3e72b6a-030f-4846-bf3e-3c13807a490e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0683b6a6-0ff9-4c6c-9240-b71ca010d48f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0683b6a6-0ff9-4c6c-9240-b71ca010d48f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{17b5ce74-26e1-47fe-8a78-06226e879c41} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3e0b55c-e276-4141-b903-227d4a5a3234} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gktxaspm.bpew (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gktxaspm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9474628b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pxgdslro (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gnowmebk (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnkixw -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnkixw -> Delete on reboot

Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\WinFixer 2005 (Rogue.WinFixer) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Accoona (Adware.Accoona) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\alize_nue_plage (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\FanClara (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\FanParis (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\FanPriscilla (Diler) -> Quarantined and deleted successfully.
C:\Program Files\AXVenore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\PECarlin (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\KvmSecure (Rogue.KVMSecure) -> Quarantined and deleted successfully.
C:\Program Files\KvmSecure\Infected (Rogue.KVMSecure) -> Quarantined and deleted successfully.
C:\Program Files\KvmSecure\Suspicious (Rogue.KVMSecure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\opnnkIxW.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\WxIknnpo.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\WxIknnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqhmigil.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ligimhqw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaBRIc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Local Settings\Temporary Internet Files\Content.IE5\1U8TZSX5\redir[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Local Settings\Temp\dllsvr32.exe.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\mIRC\mirc.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163746.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163747.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163748.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163749.dll (Trojan.FalkeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163750.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163751.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP511\A0163755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP552\A0173078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4B79715-65B0-420C-A4AA-AF87F276FBB1}\RP553\A0173153.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\elsq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\manual.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\pv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\support.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\UDC6V.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\updater.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0001ECFB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002454C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002AB0B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00033DA6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0003EF33 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004C281 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004E22E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004E73F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004E8D6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004E9DF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004EAE9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004EC21.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0005F92C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000AD3BA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000C621A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000C6343.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000C644D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\005306B3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0123F12E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0123F42C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0123F536.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\006563FE.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Accoona\icon-a.ico (Adware.Accoona) -> Quarantined and deleted successfully.
C:\Program Files\Accoona\INSTALL1.LOG (Adware.Accoona) -> Quarantined and deleted successfully.
C:\Program Files\Accoona\quiesce.exe (Adware.Accoona) -> Quarantined and deleted successfully.
C:\Program Files\Accoona\tbquiesce.exe (Adware.Accoona) -> Quarantined and deleted successfully.
C:\Program Files\Accoona\UNWISE.EXE (Adware.Accoona) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\14.05048 (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\alize_nue_plage\alize_nue_plage.ico (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\FanClara\FanClara.ico (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\FanParis\FanParis.ico (Diler) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\FanPriscilla\FanPriscilla.ico (Diler) -> Quarantined and deleted successfully.
C:\Program Files\AXVenore\Uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\PECarlin\Uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\KvmSecure\KvmSecure.exe (Rogue.KVMSecure) -> Quarantined and deleted successfully.
C:\Program Files\KvmSecure\vscan.tsi (Rogue.KVMSecure) -> Quarantined and deleted successfully.
C:\Program Files\KvmSecure\zlib.dll (Rogue.KVMSecure) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\nldfmtapndk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\nldfmtapnvb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mdtgkswr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\gktxaspm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1220OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Application Data\Microsoft\Internet Explorer\Quick Launch\KvmSecure.lnk (Rogue.KVMSecure) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Local Settings\Tempboome20.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Local Settings\Temp\msprint.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur.UTILISAT-36A5D1\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa Maman.UTILISAT-36A5D1\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

et voila
0
Réponse 13 / 23
Utilisateur anonyme
 
tres grosse infection....

Important redémarre le pc

ensuite réouvre malewarebyte
va sur quarantaine
supprime tout

ensuite fais ceci :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
0
Réponse 14 / 23
Decibel
 
C:\WINDOWS\System32\bdod.bin -->23/05/2008 21:06:38
C:\WINDOWS\System32\wpa.dbl -->23/05/2008 20:46:48
C:\WINDOWS\System32\bdss.log -->23/05/2008 20:46:25
C:\WINDOWS\System32\WxIknnpo.ini -->23/05/2008 20:43:17
C:\WINDOWS\System32\WxIknnpo.ini2 -->23/05/2008 20:43:14
C:\WINDOWS\System32\wqhmigil.dll -->23/05/2008 20:42:14
C:\WINDOWS\System32\fccaBRIc.dll -->23/05/2008 20:42:14
C:\WINDOWS\System32\opnnkIxW.dll -->23/05/2008 20:42:13
C:\WINDOWS\System32\clkcnt.txt -->23/05/2008 18:34:00
C:\WINDOWS\System32\PnkBstrB.exe -->20/05/2008 17:49:27
C:\WINDOWS\System32\xfcodec.dll -->14/05/2008 03:29:30
C:\WINDOWS\System32\MRT.exe -->09/05/2008 23:35:04
C:\WINDOWS\System32\perfh00C.dat -->08/05/2008 15:15:50
C:\WINDOWS\System32\perfh009.dat -->08/05/2008 15:15:50
C:\WINDOWS\System32\perfc00C.dat -->08/05/2008 15:15:50
C:\WINDOWS\System32\perfc009.dat -->08/05/2008 15:15:50
C:\WINDOWS\System32\PerfStringBackup.INI -->08/05/2008 15:15:49
C:\WINDOWS\System32\nvapps.xml -->23/04/2008 14:05:42
C:\WINDOWS\System32\FNTCACHE.DAT -->09/04/2008 13:01:35
C:\WINDOWS\System32\PnkBstrA.exe -->06/04/2008 16:28:56
C:\WINDOWS\System32\mswstr10.dll -->25/03/2008 06:51:09
C:\WINDOWS\System32\msjint40.dll -->25/03/2008 06:51:08
C:\WINDOWS\System32\msxbde40.dll -->25/03/2008 06:50:58
C:\WINDOWS\System32\mswdat10.dll -->25/03/2008 06:50:57
C:\WINDOWS\System32\mstext40.dll -->25/03/2008 06:50:55

C:\WINDOWS\0.log -->23/05/2008 20:46:31
C:\WINDOWS\wiaservc.log -->23/05/2008 20:46:28
C:\WINDOWS\wiadebug.log -->23/05/2008 20:46:26
C:\WINDOWS\bootstat.dat -->23/05/2008 20:45:57
C:\WINDOWS\SchedLgU.Txt -->23/05/2008 20:44:42
C:\WINDOWS\WindowsUpdate.log -->23/05/2008 20:44:36
C:\WINDOWS\pxgdslro.dll -->23/05/2008 20:42:17
C:\WINDOWS\gnowmebk.dll -->23/05/2008 20:42:17
C:\WINDOWS\win.ini -->22/05/2008 19:19:03
C:\WINDOWS\eavx.exe -->22/05/2008 18:45:52
C:\WINDOWS\BM97475117.txt -->22/05/2008 17:14:42
C:\WINDOWS\BM97475117.xml -->22/05/2008 13:40:00
C:\WINDOWS\NeroDigital.ini -->21/05/2008 14:08:24
C:\WINDOWS\FISHUI.INI -->22/04/2008 11:48:30
C:\WINDOWS\game.ini -->06/04/2008 16:25:20

et un autre rapport :

C:\WINDOWS\System32\PnkBstrB.exe -->20/05/2008 17:49:27
C:\WINDOWS\System32\MRT.exe -->09/05/2008 23:35:04
C:\WINDOWS\System32\PnkBstrA.exe -->06/04/2008 16:28:56
C:\WINDOWS\eavx.exe -->22/05/2008 18:45:52
C:\WINDOWS\System32\wqhmigil.dll -->23/05/2008 20:42:14
C:\WINDOWS\System32\fccaBRIc.dll -->23/05/2008 20:42:14
C:\WINDOWS\System32\opnnkIxW.dll -->23/05/2008 20:42:13
C:\WINDOWS\System32\xfcodec.dll -->14/05/2008 03:29:30
C:\WINDOWS\System32\mswstr10.dll -->25/03/2008 06:51:09
C:\WINDOWS\System32\msjint40.dll -->25/03/2008 06:51:08
C:\WINDOWS\System32\msxbde40.dll -->25/03/2008 06:50:58
C:\WINDOWS\System32\mswdat10.dll -->25/03/2008 06:50:57
C:\WINDOWS\System32\mstext40.dll -->25/03/2008 06:50:55
C:\WINDOWS\pxgdslro.dll -->23/05/2008 20:42:17
C:\WINDOWS\gnowmebk.dll -->23/05/2008 20:42:17
0
Réponse 15 / 23
Utilisateur anonyme
 
réouvre clean
passe l option 2

pui senvoi le rapport stp
0
Réponse 16 / 23
Decibel
 
y a pas de rapport qui s'ouvre ou qui s'enregistre apres l'action 2
0
Réponse 17 / 23
Utilisateur anonyme
 
ok tans pis

refais un scan hijackthis et poste le rapport stp
0
Réponse 18 / 23
Decibel
 
en fait c'est bon j'ai du faire l'action 2 fois en voyant que aucun fichier ne c'etait ouvert, j'espere que cela ne va pas influencer les resultats

Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 23/05/2008 a 21:29:13,89

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\bdod.bin

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
Réponse 19 / 23
Utilisateur anonyme
 
un rapport hijackthis stp
0
Réponse 20 / 23
Decibel
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:08, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bitdefender.fr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chocolateraphotos.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {A66AC08A-ECD9-4031-A058-618E2756705F} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/IconeaX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_v2.1.0.56.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/activeX/SpeedUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses