Unwanted IE windows - HijackThis log
Solved/Closed
sandul - 22 May 2008 at 23:45
Anonymous user - 26 May 2008 at 15:59
7 replies
Anonymous user
22 May 2008 at 23:50
Good evening
Beforehand
• Empty the recycle bin
• Close all applications
================NAVILOG====================
Download this: http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm
Take navilog1.exe
Choose option 1 only
Then follow this tutorial: http://mickael.barroux.free.fr/securite/navilog.php
And finally post the navilog scan report
Anonymous user
23 May 2008 at 11:15
Nothing for navipromo
So there is some Vundo; we'll deal with it after this:
Download this (by Moe):
http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe
Double-click Lopxpsetup.exe to start the installation
In the menu, choose option 1
Wait until you are asked to press a key, then press one!
A report will then be created; copy/paste it in full on the forum.
sandul
23 May 2008 at 11:51
OK, here is the report:
=============
# Rapport Lopxp fait le 23.05.2008 r 12:37:43
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.10 - Maj du 11/04/2008
========== Listing des dossiers Application Data
+- C:\Documents and Settings\Administrator\Application Data
2007-08-27 r 10:57:02 - ACD Systems
2007-10-22 r 16:36:30 - ArcSoft
2007-09-01 r 17:57:04 - Big Fish Games
2007-10-19 r 17:49:45 - Creative
2007-10-20 r 21:54:15 - dvdcss
2007-09-02 r 12:05:41 - Help
2007-08-24 r 18:59:12 - Identities
2007-08-25 r 05:55:44 - Macromedia
2007-10-25 r 21:56:10 - Microsoft
2007-10-09 r 20:00:47 - Mozilla
2007-10-17 r 14:57:14 - MSN6
2007-10-09 r 20:00:47 - Netscape
2007-10-03 r 11:49:11 - Panasonic
2007-10-09 r 19:58:23 - Photodex
2007-10-13 r 21:18:33 - Printer Info Cache
2007-10-12 r 17:20:11 - ShoppingReport
2008-03-10 r 20:58:59 - Skype
2007-08-25 r 10:30:09 - Talkback
2007-11-14 r 17:31:47 - U3
2007-11-08 r 18:22:40 - Ulead Systems
2007-08-25 r 21:27:21 - VeniceMysteryData
2007-08-25 r 22:41:33 - vlc
2007-08-25 r 11:28:58 - Yahoo!
+- C:\Documents and Settings\Administrator\Local Settings\Application Data
2007-08-27 r 10:49:46 - ACDSee
2007-09-09 r 14:48:41 - Ahead
2007-11-14 r 12:34:25 - ApplicationHistory
2007-08-26 r 08:59:19 - Google
2007-09-02 r 12:05:41 - Help
2007-08-25 r 10:18:47 - HP
2007-08-25 r 10:18:47 - IsolatedStorage
2007-08-25 r 21:23:15 - JollyBear
2007-10-27 r 11:25:44 - Microsoft
2007-08-25 r 10:29:40 - Mozilla
2007-09-02 r 13:14:30 - MTV Networks
2007-10-28 r 15:01:20 - Winamp Toolbar
2007-09-09 r 17:28:43 - WMTools Downloaded Files
+- C:\Documents and Settings\All Users\Application Data
2008-03-30 r 13:12:24 - ACD Systems
2008-05-20 r 20:00:09 - Apple Computer
2008-04-25 r 15:42:46 - BigFishGamesCache
2008-03-14 r 16:14:03 - BitDefender
2007-12-04 r 20:13:49 - Christmasville
2007-10-03 r 11:55:14 - Creative
2008-03-17 r 20:07:31 - EscapeTheMuseum
2008-03-14 r 16:25:27 - ESET
2007-12-12 r 17:54:39 - Flood Light Games
2008-03-22 r 16:46:32 - Friday's games
2008-03-27 r 16:50:25 - Friends Games
2008-05-22 r 18:28:13 - Google
2008-03-14 r 13:55:07 - Hewlett-Packard
2008-02-12 r 15:02:34 - JollyBear
2008-05-21 r 10:44:57 - Lavasoft
2008-03-29 r 16:39:27 - Meridian93
2007-09-09 r 14:36:19 - Microsoft
2008-03-06 r 12:26:19 - MonteCristo
2007-08-25 r 06:17:31 - MSN6
2008-04-02 r 19:07:31 - Nitro PDF
2008-03-27 r 12:46:33 - PopCap
2008-02-29 r 18:41:54 - Raxco
2008-05-20 r 19:58:16 - Real
2007-08-25 r 10:30:59 - Skype
2007-11-23 r 18:28:13 - SpinTop Games
2008-05-21 r 13:25:45 - Spybot - Search & Destroy
2008-05-19 r 18:55:35 - systemerrorfixer
2008-05-03 r 19:15:39 - TEMP
2008-03-27 r 15:29:33 - Trymedia
2007-11-08 r 18:22:38 - Ulead Systems
2007-09-02 r 12:38:58 - Windows Genuine Advantage
2007-08-25 r 10:36:24 - Yahoo!
2007-12-21 r 15:53:24 - Yahoo! Companion
2008-03-05 r 10:16:32 - Zylom
+- C:\Documents and Settings\Sandu i Nina\Application Data
2008-05-13 r 15:49:10 - Abra Academy2
2008-03-30 r 12:19:04 - ACD Systems
2008-05-20 r 06:55:12 - Adobe
2008-03-10 r 21:32:44 - Big Fish Games
2008-03-10 r 21:32:59 - BloodTies
2008-03-10 r 21:32:43 - cerasus.media
2008-05-01 r 12:48:05 - Creative
2008-03-29 r 11:07:09 - dvdcss
2008-03-14 r 16:26:37 - ESET
2008-03-10 r 21:32:43 - Flood Light Games
2008-03-13 r 11:50:36 - Google
2008-05-15 r 12:47:32 - Help
2008-03-15 r 23:14:27 - Macromedia
2008-03-10 r 21:32:48 - Media Player Classic
2008-05-22 r 16:21:40 - Microsoft
2008-05-21 r 12:32:08 - Mozilla
2008-04-02 r 17:08:05 - Nitro PDF
2008-03-10 r 21:32:48 - Photodex
2008-05-20 r 19:58:16 - Real
2008-05-07 r 14:34:59 - Restorer
2008-05-19 r 21:13:57 - Skype
2008-04-25 r 16:04:27 - SprillBermudeEng
2008-05-22 r 20:48:51 - Sun
2008-05-22 r 20:53:09 - SystemRequirementsLab
2008-04-23 r 13:23:56 - U3
2008-03-10 r 21:32:43 - Ulead Systems
2008-05-15 r 13:59:18 - uTorrent
2008-03-17 r 19:56:50 - VeniceMysteryData
2008-03-24 r 14:12:05 - Wildfire
2008-03-30 r 12:27:28 - Yahoo!
+- C:\Documents and Settings\Sandu i Nina\Local Settings\Application Data
2008-03-30 r 13:13:21 - ACD Systems
2008-03-10 r 21:32:50 - Ahead
2008-05-20 r 19:59:59 - Apple Computer
2008-05-23 r 09:20:43 - ApplicationHistory
2008-04-02 r 17:02:28 - Downloaded Installations
2008-03-14 r 17:04:44 - ESET
2008-05-20 r 18:39:30 - free-downloads.net
2008-04-25 r 19:14:00 - Game Mill Files
2008-03-13 r 11:50:36 - Google
2008-05-15 r 12:47:32 - Help
2007-11-14 r 19:05:39 - HP
2008-05-19 r 12:56:41 - Identities
2007-11-14 r 19:05:42 - IsolatedStorage
2008-02-12 r 15:02:34 - JollyBear
2008-05-22 r 20:08:57 - Microsoft
2007-11-14 r 19:19:41 - Mozilla
2008-03-07 r 18:39:47 - MTV Networks
2007-12-23 r 20:17:05 - Oberon Games
2008-05-20 r 19:58:16 - Real
2007-11-22 r 21:57:50 - WMTools Downloaded Files
========== Listing du dossier Program Files
+- C:\Program Files
2008-03-30 r 13:12:18 - ACD Systems
2008-05-20 r 18:46:29 - ACE Mega CoDecS Pack
2007-08-31 r 14:10:42 - Ace MP3 To WAV Converter
2007-09-06 r 16:43:06 - Ahead
2008-05-20 r 20:09:00 - Alcohol Soft
2007-09-06 r 15:46:54 - AskTBar
2007-11-01 r 19:40:40 - AviSynth 2.5
2008-03-27 r 15:28:05 - BFG
2008-03-04 r 13:45:56 - BitTorrent Fastest Tool
2008-03-25 r 19:56:55 - C-Media 3D Audio
2008-05-22 r 20:49:25 - Common Files
2007-08-24 r 18:50:19 - ComPlus Applications
2007-10-03 r 11:56:46 - Creative
2007-08-25 r 04:58:00 - Dictionary
2008-03-18 r 19:22:18 - eMule
2008-05-22 r 09:33:25 - ESET
2008-04-02 r 18:34:21 - Foxit Software
2008-05-20 r 19:17:28 - free-downloads.net
2007-11-20 r 21:08:59 - Free-Soft
2008-05-22 r 18:28:13 - Google
2008-03-14 r 18:08:59 - GRISOFT
2008-03-14 r 13:55:07 - Hewlett-Packard
2008-05-20 r 18:37:20 - hkSFV
2008-03-14 r 14:03:02 - HP
2008-05-20 r 18:50:29 - InstallShield Installation Information
2008-05-22 r 20:07:38 - Internet Explorer
2008-05-22 r 20:50:12 - Java
2008-05-20 r 17:12:49 - jv16
2008-05-20 r 19:55:21 - K-Lite
2007-10-07 r 18:51:15 - Lavalys
2008-05-21 r 10:43:44 - Lavasoft
2008-05-23 r 09:37:55 - Lopxp
2007-08-26 r 08:20:37 - Messenger
2007-08-24 r 18:54:05 - microsoft frontpage
2007-08-24 r 19:28:54 - Microsoft Office
2007-08-24 r 19:28:43 - Microsoft Visual Studio
2007-08-24 r 19:28:49 - Microsoft Works
2007-08-24 r 19:29:21 - Microsoft.NET
2007-08-25 r 13:11:53 - Movie Maker
2008-05-22 r 20:52:08 - Mozilla Firefox
2008-05-14 r 19:28:35 - MSECACHE
2007-08-24 r 18:50:09 - MSN
2007-08-24 r 18:49:54 - MSN Gaming Zone
2007-08-26 r 07:41:41 - MSXML 4.0
2008-05-21 r 17:58:14 - MSXML 6.0
2007-09-02 r 13:14:15 - MTV Networks
2008-05-23 r 09:03:15 - Navilog1
2008-05-18 r 19:59:58 - NetMeeting
2008-04-02 r 19:07:31 - Nitro PDF
2007-08-24 r 18:52:17 - Online Services
2007-08-26 r 08:01:20 - Outlook Express
2007-10-18 r 14:46:09 - Photodex
2007-10-09 r 20:00:48 - Photodex Presenter
2008-05-20 r 18:24:03 - PrintKey2000
2008-05-20 r 20:00:09 - QuickTimeAlternative
2008-05-15 r 16:00:50 - Raxco
2008-05-20 r 19:58:21 - RealAlternative
2008-05-20 r 16:33:07 - RealVNC
2008-03-07 r 18:13:09 - ReflexiveArcade
2008-05-06 r 18:00:50 - ScreenMates
2008-05-22 r 19:14:51 - Serious Backgammon
2008-05-20 r 19:17:28 - Share_Accelerator_MM
2007-09-10 r 18:55:57 - Sign
2007-08-25 r 10:31:06 - Skype
2008-05-21 r 13:22:42 - Spybot - Search & Destroy
2008-05-20 r 09:03:42 - SystemErrorFixer
2008-05-22 r 20:53:09 - SystemRequirementsLab
2008-05-21 r 14:54:13 - Trend Micro
2007-08-25 r 10:15:33 - Uninstall Information
2008-03-29 r 21:27:05 - uTorrent
2008-05-20 r 19:10:18 - VideoLAN
2008-05-20 r 18:57:33 - Winamp
2008-05-14 r 20:02:26 - Windows Installer Clean Up
2007-09-02 r 12:02:59 - Windows Media Components
2007-09-02 r 12:44:48 - Windows Media Connect 2
2007-09-02 r 12:44:44 - Windows Media Player
2007-08-25 r 13:02:19 - Windows NT
2007-08-25 r 13:38:55 - WindowsUpdate
2008-01-30 r 09:39:44 - WinRAR
2007-08-24 r 18:54:05 - xerox
2007-08-25 r 10:35:17 - Yahoo!
========== Tâches planifiées
Packard Bell Data Secure for Sandu si Nina.job: C:\Program Files\Packard Bell Data Secure\DSMsg.exe 2
========== Clés registre
========== Bloqueur popups Internet Explorer
========== Suggestion ( /!\ Nécessite une interprétation.) ==========
+- Dossiers\Fichiers : Aucune suggestion.
+- Registre : Aucune suggestion.
- Fin du rapport -
===========
Anonymous user
23 May 2008 at 11:59
No cid either, lol
That's good
For Vundo:
Download VundoFix from this address: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe
* Click the Scan for Vundo button
* If the program asks you to delete files, say yes
* When the program has finished scanning your PC, it has to be shut down; restart it.
* Copy/paste the contents of the report located at C:\vundofix.txt
sandul
23 May 2008 at 12:28
Eeeerf, this one doesn't find anything:
==================
VundoFix V7.0.5
Scan started at 13:02:56 23.05.2008
Listing files found while scanning....
No infected files were found.
==================
It is true that Vundo may no longer be "complete": yesterday (before I started posting on this forum) I had noticed two strange .dll files that were launched at startup via rundll32, and I disabled their launch with jv16. A Google search on the names of the two DLLs returned nothing (no results found), but when I submitted the files to https://www.virustotal.com/gui/, 7 of the 32 antivirus programs detected either the presence of Vundo or something suspicious. After disabling the launch with jv16, I booted into safe mode and deleted (with DEL /F) the two .dll files in question from c:\windows\system32. Since then, jv16 no longer lists any suspicious DLL launched with rundll32.
In any case, the infection remains (unwanted windows still present), and this morning nod32 twice deleted a Win32/Adware.AVSystemCare (the object name being http://archive.easydownloadsoft.com/antispywaremaster.com/AntiSpywareMaster/install_en.cab), proof that the ad windows persist and that my friend must have accepted the download (which was offered in a loop: if you didn't accept it, the offer came right back).
Thanks again for your patience, Chiquitine.
Anonymous user
23 May 2008 at 12:43
Run a scan with this antispyware:
Download Malwarebytes + tutorial:
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update itself automatically.
Once it is up to date, the program will start; click the settings tab and tick the box "Stop Internet Explorer during removal".
Now click the search tab and tick the box "run a full scan".
Then click "search".
Let it scan the PC...
If items were found > click "remove selection".
If you are asked to restart > click "yes".
At the end a report will open; save it so that you can find it again in order to post it on the forum.
Copy and paste the report, please.
sandul
23 May 2008 at 15:52
Hi,
Here is the result after removing everything it suggested:
==============
Malwarebytes' Anti-Malware 1.12
Database version: 780
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 129450
Time elapsed: 53 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 33
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\xxyvuvur.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifcASLc.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c140968d-653a-497b-a199-953ecdcc428d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c140968d-653a-497b-a199-953ecdcc428d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SystemErrorFixerDownloader (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcaslc (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM13324944 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvuvur -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvuvur -> Delete on reboot.
Folders Infected:
C:\Documents and Settings\Administrator\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\SystemErrorFixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\lesrjigj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgijrsel.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvuvur.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ruvuvyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvuvyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes365.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\kit\Ckit ProshovProducer\Cheia-cr-pmk12\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
E:\kit\cr-pmk12\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
E:\kit\Programe noi\Ahead[1].Nero.Burning.ROM.6.6.0.8a\keygen\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\SystemErrorFixer\swupd.log (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\ac (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\em (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\oid (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\SystemErrorFixer.exe.cer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\user (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxtdnfqb.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvTnKcY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgeEtS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYpmlM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsSkKb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcASLc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUlkKAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
==================
Anonymous user
23 May 2008 at 15:57
Reopen Malwarebytes,
go to Quarantine,
delete everything,
then restart the PC.
Then run another HijackThis scan and tell me how the PC is doing.
sandul
23 May 2008 at 16:46
I ran another Malwarebytes scan and it found more things, but not as many! Here is the report. I am running the scan a third time, and if it is clean I will send you the HijackThis report plus the state of health of my machine.
============
Malwarebytes' Anti-Malware 1.12
Database version: 780
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 129221
Time elapsed: 48 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\xxyvuvur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvuvyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvuvyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcASLc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
=============
Anonymous user
23 May 2008 at 16:49
Before redoing the scan,
delete the quarantine.
sandul
26 May 2008 at 15:57
Thank you very much, chiquitine. I was no longer able to connect to my friend's PC, but on the phone he told me that his PC is now clean (in any case, no more trace of malware in the scans and no more problems observed in the browsers).
I think the problem is solved.
23 May 2008 at 11:09
Thank you very much for the quick reply. This is actually a friend's computer and I am trying to help him remotely (hence the presence of RealVNC). The Vundo infection was reported by Search & Destroy and I did try to remove it, but apparently without success. Here is the requested log:
===============
Search Navipromo version 3.5.7 commencé le 23.05.2008 r 11:56:14,33
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Sandu si Nina"
Mise r jour le 11.05.2008 r 18h00 par IL-MAFIOSO
Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.13
Systcme de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\startm~1\programs" ***
*** Recherche dossiers dans "C:\Documents and Settings\Sandu si Nina\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Sandu si Nina\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Sandu si Nina\startm~1\programs" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Sandu si Nina\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Sandu si Nina\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\iQrYJRqr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ruvuvyxx.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 23.05.2008 r 12:00:53,15 ***
=============
Thanks again.