Virus : reported insecure browsing

Solved
LaYS -  
 albialboalbu -
Hello,
I'm using Internet Explorer 7.0, and every time I open my browser and type in the name of a search engine, this error message appears:
Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register KvmSecure.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).

My desktop background has turned blue and there is an error message written on it that says: warning, spyware detected on your computer
Yet I have Kaspersky as my antivirus and I ran a scan with Spybot
Could someone guide me through the HijackThis analysis??

48 replies

benurrr Posts 9766 Status Security contributor 107
 
Hi, run a full scan with Malwarebytes http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware During installation, tick the update and launch-the-program options, then post the report
0
a.M
 
Malwarebytes is running; I'll post the report as soon as I finish
It keeps getting worse: I can no longer find my local disks and "virus alert" is displayed in front of the clock
0
benurrr Posts 9766 Status Security contributor 107
 
If it gets too bad, restart in safe mode, uninstall Kaspersky (you can reinstall it later if it suits you) and install Antivir in its place http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal then run a full scan
0
laYS
 
Here is my Malwarebytes scan result



0
laYS
 
I didn't copy everything, sorry


Malwarebytes' Anti-Malware 1.14
Version de la base de données: 800

12:12:17 30/05/2008
mbam-log-5-30-2008 (12-12-13).txt

Type de recherche: Examen rapide
Eléments examinés: 53372
Temps écoulé: 10 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 26

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\Resources\SysSetup.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\Resources\ChkSetup.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\Resources\KernelAlrt.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\boqnrwdmfrp.dll (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{df5bd84e-c13f-4b06-8395-f9be408652eb} (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bae42be9-6097-4e4c-86be-21dca22cfb22} (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cd97a9d3-3ce3-44d7-8fab-762b02369aa4} (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysSetup (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ChkSetup (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KernelAlrt (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vltdfabw (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vregfwlx (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-9914694-23737) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (92318-600-9914694-23737) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\system32\673351 (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\818646 (Trojan.BHO) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\Resources\SysSetup.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\Resources\ChkSetup.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\Resources\KernelAlrt.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\byXRkkkj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddcaayvW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddcCULcd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBtQgGA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBtSJdB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqopmLB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqQkjkk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyaxWMC.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\khfDvVLC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\xmpstean.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\boqnrwdmfrp.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\printsrv32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\nyps4.exe (Trojan.Agent) -> No action taken.
0
benurrr Posts 9766 Status Security contributor 107
 
Hi, I see you've got quite a crowd in there. Start with this and then post a new report http://www.clubic.com/telecharger-fiche25107-vundofix.html
0
benurrr Posts 9766 Status Security contributor 107
 
Next time, run a full scan with Malwarebytes, not a quick scan
0

laYS
 
It tells me no files were found!!
0
benurrr Posts 9766 Status Security contributor 107
 
Go here and follow all the steps; of course, scan in safe mode. Start with this http://www.spywareinfo.dk/download/mwav.exe
0
laYS
 
VundoFix doesn't find anything
As for the detailed Malwarebytes scan, here it is, run in safe mode


Malwarebytes' Anti-Malware 1.14
Version de la base de données: 800

13:08:58 30/05/2008
mbam-log-5-30-2008 (13-08-58).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 67570
Temps écoulé: 8 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{570ee2a3-039b-4e5f-ae6a-d7949f9d356b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bae42be9-6097-4e4c-86be-21dca22cfb22} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd97a9d3-3ce3-44d7-8fab-762b02369aa4} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df5bd84e-c13f-4b06-8395-f9be408652eb} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc7a758b-8ca3-4fb5-987d-f6147daa28c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0b9928ca-2b38-43c8-be19-a4a6386de417} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ChkSetup (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KernelAlrt (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysSetup (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vltdfabw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vregfwlx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-9914694-23737) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (92318-600-9914694-23737) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\673351 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\818646 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\User\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC779E17-2CCA-455A-8580-37D33B791008}\RP3\A0000010.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\ChkSetup.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\KernelAlrt.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\SysSetup.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRkkkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcaayvW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCULcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtQgGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtSJdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqopmLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQkjkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyaxWMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\khfDvVLC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\xmpstean.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\boqnrwdmfrp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\printsrv32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\nyps4.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Thanks again for your help
0
laYS
 
I should also report an anomaly in My Computer, where I can no longer find my local disks (C:, D:)
I get to them by running c :/ from the Start menu
0
laYS
 
up
0
benurrr Posts 9766 Status Security contributor 107
 
Back again, I was on the other machine. Did you have the items removed at the end of the Malwarebytes scan? If not, run the scan again and remove the infections, and delete what's in quarantine. After that we move on to A-squared http://www.commentcamarche.net/telecharger/telecharger 224 a squared free
0
a.M Posts 26 Status Member
 
I did indeed remove the infections found by Malwarebytes
I'll post the A-squared report as soon as I finish
0
benurrr Posts 9766 Status Security contributor 107
 
You're managing well; we'll get there slowly but surely
0
a.M Posts 26 Status Member
 
Is it normal that I can't get online in safe mode (even though I enabled networking at startup)?
0
benurrr Posts 9766 Status Security contributor 107
 
Yes, that's normal, because safe mode only loads what is necessary to disinfect
0
a.M Posts 26 Status Member
 
Here is my a2scan report


Version - a-squared Free 3.5
Dernière mise à jour : 30/05/2008 14:08:56

Paramètres des balayages :

Éléments : Mémoire, Traces, Cookies, C:\, D:\
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche

Début du balayage : 30/05/2008 14:36:52

Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AlertStyle(0) Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AppearOfflineHotKey Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AppearOfflineModifier Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AwayHotKey Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> AwayModifier Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> BusyHotKey Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> BusyModifier Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> ClipboardHotKey Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> ClipboardModifier Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> CloseAlert(0) Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> elO(0) Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> GroupChoice Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OnlineHotKey Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OnlineModifier Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> OpenSensitivity(0) Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup0 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup1 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup10 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup2 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup3 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup4 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup5 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup6 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup7 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup8 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup9 Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> RSOTime Objets détectés : Trace.Registry.DiscoveryLive
Value: HKEY_CURRENT_USER\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(13) Objets détectés : Trace.Registry.DiscoveryLive

Analysé

Fichiers : 45010
Traces : 182458
Cookies : 53
Processus : 12

Objets trouvés

Fichiers : 0
Traces : 53
Cookies : 5
Processus : 0
Clés de Registre : 0

Fin du balayage : 30/05/2008 14:49:55
Temps du balayage : 0:13:03


Quarantaine

Fichiers : 0
Traces : 53
Cookies : 5
0
benurrr Posts 9766 Status Security contributor 107
 
Re: uninstall Kaspersky, but first download Antivir and run a full scan: http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal. You can reinstall it later if you are happy with it.
0
Anonymous user
 
Hello everyone,

following LaYS's request by private message.


laYS:


Download HijackThis here:

-> https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Installation tutorial: (thanks to Balltrap34 for making it)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (thanks to Balltrap34 for making it)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Please post the generated report here...
0
benurrr Posts 9766 Status Security contributor 107
 
Hello to you, I'm handing over to you. You are in good hands with chiquitine; I'll follow you both in the background. Good luck.
0
a.M Posts 26 Status Member > benurrr Posts 9766 Status Security contributor
 
It's very kind of you to have helped me, thank you very much.
0
a.M Posts 26 Status Member
 
Here is my HijackThis result, while I wait to download the antivirus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:29, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\User\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B9928CA-2B38-43C8-BE19-A4A6386DE417} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {41032A04-F693-4D0B-A251-8CF28A2210CC} - C:\WINDOWS\system32\wvUljIaW.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: (no name) - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CC7A758B-8CA3-4FB5-987D-F6147DAA28C6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\User\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer = 196.20.77.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{94D9AA5F-2EEF-418B-8646-76AA128D016E}: NameServer = 193.251.169.165 196.20.77.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer = 196.20.77.165
O17 - HKLM\System\CS2\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer = 196.20.77.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: ljJDwTKE - ljJDwTKE.dll (file missing)
O20 - Winlogon Notify: mlJYQGvU - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\
O21 - SSODL: SysSetup - {df5bd84e-c13f-4b06-8395-f9be408652eb} - (no file)
O21 - SSODL: vltdfabw - {75F2813F-E26C-4085-B9D7-8D9EF835579B} - C:\WINDOWS\vltdfabw.dll (file missing)
O21 - SSODL: vregfwlx - {0449BD2C-CF2A-4CC4-B1B2-49A8DC58AFCF} - C:\WINDOWS\vregfwlx.dll (file missing)
O21 - SSODL: ChkSetup - {bae42be9-6097-4e4c-86be-21dca22cfb22} - (no file)
O21 - SSODL: KernelAlrt - {cd97a9d3-3ce3-44d7-8fab-762b02369aa4} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
0
Anonymous user
 
Leave the antivirus aside for now (yours is very good, by the way).


Download to the desktop: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double-click SmitfraudFix

=> Choose Option 1
=> Post the report
0
a.M Posts 26 Status Member
 
The link doesn't work for me ;-( , I'll try to download it somewhere else.
0
Anonymous user
 
Question: do you live in Algeria????
0
a.M Posts 26 Status Member
 
Yess!! Could it be that it won't work for me?
0
Anonymous user
 
Yes, yes, it was just to know, just in case .....
0
benurrr Posts 9766 Status Security contributor 107
 
Hi again chiquitine, are you serious in saying he lives in Algeria?
0
Anonymous user > benurrr Posts 9766 Status Security contributor
 
Yes, seriously.

Look at the O17 lines in HijackThis.
0
Anonymous user
 
Try here:


http://www.revioo.com/download/dld95.html
0
a.M Posts 26 Status Member
 
There, I got it from another address.
Here is the report:
SmitFraudFix v2.323

Rapport fait à 15:38:27,18, 30/05/2008
Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 193.251.169.165
DNS Server Search Order: 196.20.77.165

Description: Carte Fast Ethernet compatible VIA #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 196.20.77.165

HKLM\SYSTEM\CCS\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer=196.20.77.165
HKLM\SYSTEM\CCS\Services\Tcpip\..\{94D9AA5F-2EEF-418B-8646-76AA128D016E}: NameServer=193.251.169.165 196.20.77.165
HKLM\SYSTEM\CS1\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer=196.20.77.165
HKLM\SYSTEM\CS1\Services\Tcpip\..\{94D9AA5F-2EEF-418B-8646-76AA128D016E}: NameServer=193.251.169.165 196.20.77.165
HKLM\SYSTEM\CS2\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{354995C7-8438-4DD3-960C-59CBA617D681}: NameServer=196.20.77.165
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0