Virus : reported insecure browsing

Résolu
LaYS -  
 albialboalbu -
Bonjour,
j'utilise internet explorer 7.0 et à chaque fois que j'utilise mon navigateur et que je tappe le nom d'un moteur de recherche j'ai ce message d'erreur qui s'affiche
Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register KvmSecure.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).

mon fond d'ecran est devenu bleu et il y a un message d'erreur d'ecrit qui dit : warning , spyware detected on your computer
j'ai pourtant kaspersky comme anti virus et j'ai fait une analyse avec spybot
quelqun pourrait il me guider pour l'analyse hijackthis ??
Configuration: Windows XP
Internet Explorer 7.0

48 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un utilisateur sous Windows XP et Internet Explorer 7.0 est confronté à un message d'erreur 'Insecure Internet activity' et à des avertissements de virus et spyware affichés sur le bureau, accompagné d'un fond bleu. Plusieurs réponses préconisent un diagnostic approfondi et des outils de détection/de-purge, notamment Malwarebytes et CCleaner, puis des analyses plus ciblées avec HijackThis et RegCleaner pour nettoyer le registre et les éléments indésirables. D'autres conseillent d'effectuer un redémarrage en mode sans échec et, après scan et corrections, de vérifier les programmes installés et les services inutiles, puis de nettoyer le registre avec RegCleaner et ToolsCleaner si nécessaire.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. a.M
     
    malware est en cour d'execution je posterais le rapport des que je finis
    ca ne cesse de s'agraver puisque je ne retrouve plus mes disques locaux et que virus alert est marqué devant l'horloge
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      si sa s'agrave trop tu redemmare on mode sans echec tu desinstalle kapersky que tu reinstallera plus tard s'il te conviend et a la plaçe tu installe antivir http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal et tu fait un scan complet
      0
  2. laYS
     
    voici mon résultat du test malwarebytes

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysSetup (Trojan.Clicker) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ChkSetup (Trojan.Clicker) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KernelAlrt (Trojan.Clicker) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vltdfabw (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vregfwlx (Trojan.FakeAlert) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-9914694-23737) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (92318-600-9914694-23737) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\673351 (Trojan.BHO) -> No action taken.
    C:\WINDOWS\system32\818646 (Trojan.BHO) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\Resources\SysSetup.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\Resources\ChkSetup.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\Resources\KernelAlrt.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\byXRkkkj.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ddcaayvW.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ddcCULcd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\geBtQgGA.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\geBtSJdB.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqopmLB.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqQkjkk.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\xxyaxWMC.dll (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\khfDvVLC.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\xmpstean.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\boqnrwdmfrp.dll (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\printsrv32.exe (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\nyps4.exe (Trojan.Agent) -> No action taken.
    0
  3. laYS
     
    j'ai pas tout copié dsl

    Malwarebytes' Anti-Malware 1.14
    Version de la base de données: 800

    12:12:17 30/05/2008
    mbam-log-5-30-2008 (12-12-13).txt

    Type de recherche: Examen rapide
    Eléments examinés: 53372
    Temps écoulé: 10 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 5
    Clé(s) du Registre infectée(s): 25
    Valeur(s) du Registre infectée(s): 12
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 26

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\Resources\SysSetup.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\Resources\ChkSetup.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\Resources\KernelAlrt.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\boqnrwdmfrp.dll (Trojan.FakeAlert) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{df5bd84e-c13f-4b06-8395-f9be408652eb} (Trojan.Clicker) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{bae42be9-6097-4e4c-86be-21dca22cfb22} (Trojan.Clicker) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{cd97a9d3-3ce3-44d7-8fab-762b02369aa4} (Trojan.Clicker) -> No action taken.
    HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysSetup (Trojan.Clicker) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ChkSetup (Trojan.Clicker) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KernelAlrt (Trojan.Clicker) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vltdfabw (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vregfwlx (Trojan.FakeAlert) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-9914694-23737) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (92318-600-9914694-23737) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\673351 (Trojan.BHO) -> No action taken.
    C:\WINDOWS\system32\818646 (Trojan.BHO) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\Resources\SysSetup.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\Resources\ChkSetup.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\Resources\KernelAlrt.dll (Trojan.Clicker) -> No action taken.
    C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\byXRkkkj.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ddcaayvW.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ddcCULcd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\geBtQgGA.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\geBtSJdB.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqopmLB.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqQkjkk.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\xxyaxWMC.dll (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\khfDvVLC.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\xmpstean.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\boqnrwdmfrp.dll (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\printsrv32.exe (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\User\Local Settings\Temp\nyps4.exe (Trojan.Agent) -> No action taken.
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      salut je voit que ta du monde au balcon commence deja avec sa et tu repostera un rapport http://www.clubic.com/telecharger-fiche25107-vundofix.html
      0
    2. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      la prochaine fois tu fait 1 scan complet pas scan rapide avec malwarbyte
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. laYS
     
    on me dit no files were found !!
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      va içi et suis toute les etape bien sur tu scanne on mode sans echec commençe avec sa http://www.spywareinfo.dk/download/mwav.exe
      0
  6. laYS
     
    vundofix ne me trouve rien
    quand au scan détaillé dé malware le voici en mode sans echec

    lwarebytes' Anti-Malware 1.14
    Version de la base de données: 800

    13:08:58 30/05/2008
    mbam-log-5-30-2008 (13-08-58).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 67570
    Temps écoulé: 8 minute(s), 11 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 25
    Valeur(s) du Registre infectée(s): 12
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 28

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bae42be9-6097-4e4c-86be-21dca22cfb22} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cd97a9d3-3ce3-44d7-8fab-762b02369aa4} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df5bd84e-c13f-4b06-8395-f9be408652eb} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ChkSetup (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KernelAlrt (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysSetup (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vltdfabw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vregfwlx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-9914694-23737) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (92318-600-9914694-23737) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\673351 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\818646 (Trojan.BHO) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\User\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AC779E17-2CCA-455A-8580-37D33B791008}\RP3\A0000010.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Resources\ChkSetup.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\Resources\KernelAlrt.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\Resources\SysSetup.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXRkkkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcaayvW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcCULcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBtQgGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBtSJdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqopmLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqQkjkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyaxWMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\khfDvVLC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\xmpstean.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\boqnrwdmfrp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\printsrv32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\nyps4.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    merci encore pour ton aide
    0
  7. laYS
     
    je dois aussi signaler une anomalie au niveau de mon post de travail ou je ne retrouve plus mes disque locaux(c;d)
    j'y accede en executant c :/ dans le menu démarrer
    0
  8. a.M Messages postés 26 Statut Membre
     
    j'ai en effet supprimé les infections trouvées par malware
    je poste le rapport squareed des ke je finis
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      sa va tu debrouille bien on va y'a arriver doucement mais surement
      0
  9. a.M Messages postés 26 Statut Membre
     
    est ce normal que je ne puisse pas me connecter en mode sans echec ( meme si j'ai activé la connexion réseau au démarrage)
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      oui c normal parce-que le mode sans echec ne charge que se quest necessaire pour desinffecter
      0
  10. a.M Messages postés 26 Statut Membre
     
    voici mon rapport a2scan

    Version - a-squared Free 3.5
    Dernière mise à jour : 30/05/2008 14:08:56

    Paramètres des balayages :

    Éléments : Mémoire, Traces, Cookies, C:\, D:\
    Balaye dans les archives : Marche
    Analyse heuristique : Marche
    Balaye dans les ADS : Marche

    Début du balayage : 30/05/2008 14:36:52

    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AlertStyle(0) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AppearOfflineHotKey Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AppearOfflineModifier Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AwayHotKey Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AwayModifier Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> BusyHotKey Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> BusyModifier Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> ClipboardHotKey Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> ClipboardModifier Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> CloseAlert(0) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> elO(0) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> GroupChoice Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OnlineHotKey Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OnlineModifier Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OpenSensitivity(0) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup0 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup1 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup10 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup2 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup3 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup4 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup5 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup6 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup7 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup8 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup9 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> RSOTime Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(13) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(2) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(22) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(37) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(44) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(7) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Slider Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Slider1 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> SpeechSpeed Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> SpeechVolume Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Time_Format Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(1) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(11) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(16) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(6) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(9) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MDLCap Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> Menu1 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> Menu2 Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(0) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(1) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(2) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(3) Objets détectés : Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> WLMCaption Objets détectés : Trace.Registry.DiscoveryLive
    Key: HKEY_CURRENT_USER\software\install Objets détectés : Trace.Registry.AdClicker
    Value: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run --> ares Objets détectés : Trace.Registry.Ares
    C:\Documents and Settings\User\Cookies\user@advertising[1].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@atdmt[1].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@commentcamarche[1].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@specificclick[2].txt Objets détectés : Trace.TrackingCookie

    Analysé

    Fichiers : 45010
    Traces : 182458
    Cookies : 53
    Processus : 12

    Objets trouvés

    Fichiers : 0
    Traces : 53
    Cookies : 5
    Processus : 0
    Clés de Registre : 0

    Fin du balayage : 30/05/2008 14:49:55
    Temps du balayage : 0:13:03

    C:\Documents and Settings\User\Cookies\user@advertising[1].txt Quarantaine Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@atdmt[1].txt Quarantaine Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@commentcamarche[1].txt Quarantaine Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt Quarantaine Trace.TrackingCookie
    C:\Documents and Settings\User\Cookies\user@specificclick[2].txt Quarantaine Trace.TrackingCookie
    Value: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run --> ares Quarantaine Trace.Registry.Ares
    Key: HKEY_CURRENT_USER\software\install Quarantaine Trace.Registry.AdClicker
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AlertStyle(0) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AppearOfflineHotKey Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AppearOfflineModifier Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AwayHotKey Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AwayModifier Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> BusyHotKey Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> BusyModifier Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> ClipboardHotKey Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> ClipboardModifier Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> CloseAlert(0) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> elO(0) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> GroupChoice Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OnlineHotKey Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OnlineModifier Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OpenSensitivity(0) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup0 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup1 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup10 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup2 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup3 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup4 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup5 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup6 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup7 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup8 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup9 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> RSOTime Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(13) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(2) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(22) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(37) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(44) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(7) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Slider Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Slider1 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> SpeechSpeed Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> SpeechVolume Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Time_Format Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(1) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(11) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(16) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(6) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> GlobalSetting(9) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MDLCap Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> Menu1 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> Menu2 Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(0) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(1) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(2) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> MouseGesture(3) Quarantaine Trace.Registry.DiscoveryLive
    Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live --> WLMCaption Quarantaine Trace.Registry.DiscoveryLive

    Quarantaine

    Fichiers : 0
    Traces : 53
    Cookies : 5
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      re kapersky tu le desinstalle le mais avant telecharge antivir et tu fait un scan complet http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal tu le reinstalera plus tard si ton est content
      0
  11. Utilisateur anonyme
     
    Bonjours tout le monde

    suite a la demande en mp de LaYS

    laYS :

    Télécharge HijackThis ici :

    -> https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      salut a toi je te passe la main tu est entre de bonne main avec chiquitine je vous suis on arriere plan et bon courage
      0
      1. a.M Messages postés 26 Statut Membre > benurrr Messages postés 9766 Statut Contributeur sécurité
         
        c'est tres gentil de m'avoir aidé , merci bcp
        0
  12. a.M Messages postés 26 Statut Membre
     
    voici mon resultat hijackthis en attendant de telecharger l'antivirus

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:12:29, on 30/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Documents and Settings\User\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B9928CA-2B38-43C8-BE19-A4A6386DE417} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {41032A04-F693-4D0B-A251-8CF28A2210CC} - C:\WINDOWS\system32\wvUljIaW.dll (file missing)
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
    O2 - BHO: (no name) - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {CC7A758B-8CA3-4FB5-987D-F6147DAA28C6} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\User\LOCALS~1\Temp\rbnpsrv.exe/r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer = 196.20.77.165
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94D9AA5F-2EEF-418B-8646-76AA128D016E}: NameServer = 193.251.169.165 196.20.77.165
    O17 - HKLM\System\CS1\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer = 196.20.77.165
    O17 - HKLM\System\CS2\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer = 196.20.77.165
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: ljJDwTKE - ljJDwTKE.dll (file missing)
    O20 - Winlogon Notify: mlJYQGvU - C:\WINDOWS\
    O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\
    O21 - SSODL: SysSetup - {df5bd84e-c13f-4b06-8395-f9be408652eb} - (no file)
    O21 - SSODL: vltdfabw - {75F2813F-E26C-4085-B9D7-8D9EF835579B} - C:\WINDOWS\vltdfabw.dll (file missing)
    O21 - SSODL: vregfwlx - {0449BD2C-CF2A-4CC4-B1B2-49A8DC58AFCF} - C:\WINDOWS\vregfwlx.dll (file missing)
    O21 - SSODL: ChkSetup - {bae42be9-6097-4e4c-86be-21dca22cfb22} - (no file)
    O21 - SSODL: KernelAlrt - {cd97a9d3-3ce3-44d7-8fab-762b02369aa4} - (no file)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    0
  13. Utilisateur anonyme
     
    laisse l antivirus de coté pour l instant ( d ailleurs le tient est tres bien)

    Télécharge sur le bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    => Double clic sur SmitfraudFix

    => Choisir Option 1
    => poste le rapport
    0
  14. a.M Messages postés 26 Statut Membre
     
    le lien ne marche pas chez moi ;-( , je vais essayer de le telecharger ailleurs
    0
  15. Utilisateur anonyme
     
    question : t habites en algérie ????
    0
  16. a.M Messages postés 26 Statut Membre
     
    yess!! ca pourrait ne pas marcher chez moi ?
    0
  17. Utilisateur anonyme
     
    si si c était pour savoir au cas ou .....
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      resalut chiquitine t serieux on disant qu'il habite l'algerie
      0
      1. Utilisateur anonyme > benurrr Messages postés 9766 Statut Contributeur sécurité
         
        oui serieux

        regarde le lignes 017 de hijackthis
        0
  18. Utilisateur anonyme
     
    essai ici :

    http://www.revioo.com/download/dld95.html
    0
  19. a.M Messages postés 26 Statut Membre
     
    voila je l'ai eu à une autre adresse
    voici le rapport
    SmitFraudFix v2.323

    Rapport fait à 15:38:27,18, 30/05/2008
    Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 193.251.169.165
    DNS Server Search Order: 196.20.77.165

    Description: Carte Fast Ethernet compatible VIA #2 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 196.20.77.165

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer=196.20.77.165
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{94D9AA5F-2EEF-418B-8646-76AA128D016E}: NameServer=193.251.169.165 196.20.77.165
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer=196.20.77.165
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{94D9AA5F-2EEF-418B-8646-76AA128D016E}: NameServer=193.251.169.165 196.20.77.165
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer=196.20.77.165
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  • 1
  • 2
  • 3