Tazebama

Resolved
HBH
Hello, I use NOD32, it is very effective, but I am infected by tazebama.dll and NOD32 cannot do anything about it...
Please help me.

63 replies

osm2
 
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1087
Windows 5.1.2600 Service Pack 2

13:28:01 26/08/2008
mbam-log-08-26-2008 (13-27-48).txt

Type de recherche: Examen rapide
Eléments examinés: 38429
Temps écoulé: 12 minute(s), 39 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.

Module(s) mémoire infecté(s):
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.
C:\WINDOWS\Temp\IcnOvrly.dll (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{ea3775f2-28be-11d3-9c8d-00105a24ed29} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ea3775f2-28be-11d3-9c8d-00105a24ed29} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.
C:\WINDOWS\Temp\IcnOvrly.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\FACEBACK1001186.del (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\drivers\NNRRNVZR.SYS.del (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\NUQQOVTR.SYS.del (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm;mmmmmmmmmmmmmmmmmmmmmmmmmmmmm;mmmmmmmmmmmmmmmmmmmmmmmmmmmmmm (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\hook.dl_ (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> No action taken.
C:\zPharaoh.exe (Worm.Mabezat) -> No action taken.
HaytheM
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:50, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60220
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60220
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60220
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users.WINDOWS\Application Data\Jump Poll Poke Mp3\View Idol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [filmchin] C:\DOCUME~1\MAHBOOLR.R\APPLIC~1\ANTEBI~1\file army plan.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: SATARAID5.lnk = C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
papyber, security contributor
 
Topic closed.
Create a new topic by clicking on "nouvelle discussion" (new discussion).
hic
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:29, on 8/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\helper.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Documents and Settings\hic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\CCleaner\CCleaner.exe
D:\Documents and Settings\tazebama.dl_
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Real\RealPlayer\RecordingManager.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] D:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] D:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SVCHOST] D:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows] D:\WINDOWS\system32\helper.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\hic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] D:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] D:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] D:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - S-1-5-18 Startup: Démarrage .exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: RadioTV.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Démarrage .exe (User 'Default user')
O4 - .DEFAULT Startup: RadioTV.exe (User 'Default user')
O4 - .DEFAULT User Startup: Démarrage .exe (User 'Default user')
O4 - .DEFAULT User Startup: FloppyDiskPartion.exe (User 'Default user')
O4 - Global Startup: Démarrage .exe
O4 - Global Startup: Lock Folder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - D:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Unknown owner - D:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe (file missing)
hic
 
HERE IS THE REPORT, thanks
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1616
Windows 5.1.2600 Service Pack 2

8/01/2009 2:18:00
mbam-log-2009-01-08 (02-17-45).txt

Type de recherche: Examen complet (D:\|)
Eléments examinés: 116156
Temps écoulé: 1 hour(s), 21 minute(s), 47 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 133

Processus mémoire infecté(s):
D:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.

Module(s) mémoire infecté(s):
D:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
D:\Program Files\3wPlayer (Trojan.Downloader) -> No action taken.

Fichier(s) infecté(s):
D:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.
D:\System Volume Information\_restore{8AD25502-D2BF-4376-8619-1B0984CBE12A}\RP200\A0119184.EXE (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8AD25502-D2BF-4376-8619-1B0984CBE12A}\RP201\A0119376.EXE (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8AD25502-D2BF-4376-8619-1B0984CBE12A}\RP201\A0119435.dll (Worm.Mabezat) -> No action taken.
D:\System Volume Information\_restore{8AD25502-D2BF-4376-8619-1B0984CBE12A}\RP201\A0119469.EXE (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8AD25502-D2BF-4376-8619-1B0984CBE12A}\RP202\A0119522.EXE (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8AD25502-D2BF-4376-8619-1B0984CBE12A}\RP203\A0119536.EXE (Trojan.Downloader) -> No action taken.
D:\WINDOWS\system32\helper.exe (Trojan.Agent) -> No action taken.
D:\Documents and Settings\All Users\Application Data\Application Data .exe (Trojan.Lop.H) -> No action taken.
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\Dr Watson .exe (Trojan.Agent) -> No action taken.
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\NokiaN73Tools.exe (Trojan.Agent) -> No action taken.
D:\WINDOWS\MDM.EXE (Backdoor.Bot) -> No action taken.
D:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.
D:\Documents and Settings\hook.dl_ (Worm.Mabezat) -> No action taken.
D:\autorun.inf (Worm.Mabezat) -> No action taken.
D:\zPharaoh.exe (Worm.Mabezat) -> No action taken.
D:\Documents and Settings\All Users\Application Data\Google\Google .exe (Trojan.FakeAlert) -> No action taken.
D:\Documents and Settings\All Users\Application Data\Google\MakeUrOwnFamilyTree.exe (Trojan.FakeAlert) -> No action taken.
D:\Documents and Settings\hic\Application Data\Application Data .exe (Trojan.Lop.H) -> No action taken.
D:\Documents and Settings\Default User\Application Data\Application Data .exe (Trojan.Lop.H) -> No action taken.
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Temporary Internet Files .exe (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Win98compatibleXP.exe (Trojan.Agent) -> No action taken.
D:\Documents and Settings\SYSTEM\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> No action taken.
D:\Documents and Settings\hic\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> No action taken.
D:\Documents and Settings\Default User\Cookies\Cookies .exe (Fake.Dropped.Malware) -> No action taken.
D:\Documents and Settings\Default User\Cookies\WinrRarSerialInstall.exe (Fake.Dropped.Malware) -> No action taken.
D:\Documents and Settings\hic\Application Data\Google\Google .exe (Trojan.FakeAlert) -> No action taken.
D:\Documents and Settings\hic\Application Data\Google\KasperSky6.0 Key.doc.exe (Trojan.FakeAlert) -> No action taken.
D:\WINDOWS\SVCHOST.INI (Heuristics.Reserved.Word.Exploit) -> No action taken.
0
antihack
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:35, on 17/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ma/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1598242F-FD71-4E20-9E35-0D0E33EFC60B}: NameServer = 62.251.231.242 212.217.1.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{1598242F-FD71-4E20-9E35-0D0E33EFC60B}: NameServer = 62.251.231.242 212.217.1.17
0
rabah anis
 
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2135
Windows 5.1.2600 Service Pack 2

16/05/2009 11:29:59
mbam-log-2009-05-16 (11-29-54).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 89483
Temps écoulé: 6 minute(s), 33 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.

Module(s) mémoire infecté(s):
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\tazebama.dll.ren (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\hook.dl_ (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> No action taken.
C:\autorun.inf (Worm.Mabezat) -> No action taken.
C:\zPharaoh.exe (Worm.Mabezat) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:32, on 16/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Trend Micro\HijackThis\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA1E1A84-586C-4F0E-B849-728FA25C7535}: NameServer = 4.2.2.6 4.2.2.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
jOxic
 
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 5.1.2600 Service Pack 2

26/06/2009 18:52:17
mbam-log-2009-06-26 (18-52-14).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 117616
Temps écoulé: 19 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
c:\program files\pc-cleaner\Backup (Rogue.PC-Cleaner) -> No action taken.
c:\program files\pc-cleaner\Log (Rogue.PC-Cleaner) -> No action taken.

Fichier(s) infecté(s):
c:\program files\pc-cleaner\PCCleaner.exe (Rogue.PC-Cleaner) -> No action taken.
c:\program files\pc-cleaner\unins000.dat (Rogue.PC-Cleaner) -> No action taken.
c:\program files\pc-cleaner\unins000.exe (Rogue.PC-Cleaner) -> No action taken.
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.
C:\autorun.inf (Worm.Mabezat) -> No action taken.
C:\zPharaoh.exe (Worm.Mabezat) -> No action taken.
c:\documents and settings\sidi mohammed\Bureau\PC-Cleaner_1.0.Patch.bagie.tPORt.zip (Rogue.PC-Cleaner) -> No action taken.
0
athomforce Posts 45 Registration date   Status Member Last activity   64
 
Hello,

I have a problem opening regedit.exe and taskmgr.exe, and I don't know whether tazebama is responsible for this disaster or some other virus.
So I scanned my PC with HijackThis as you asked, and here is the report I got:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:13:54, on 13/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hvey.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fhbdv.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxuued.exe
E:\Ahead\Néro\Nero ControlCenter 4\ncc.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Multi-Boot Recovery and boot cd\multi boot\BOOTCD\WINTOOLS\AUTORUN.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HIJACK.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\TEMP\VRTAC.tmp
C:\WINDOWS\TEMP\VRTAD.tmp
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2700C1B9-1A61-4ACA-9BF0-BA7A0F95C4CC}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{2700C1B9-1A61-4ACA-9BF0-BA7A0F95C4CC}: NameServer = 62.251.229.237 62.251.229.223
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
A LAIDE
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:50:26, on 04/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RegCure\RegCure.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Documents and Settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\f5e130584527e4a78dce0e643217\update\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Uniblue\RegistryBooster 2009\RegistryBooster.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster 2009\RegistryBooster.exe -minimize
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
0
kamel
 
Hi everyone, here is the report, so tell me what I have to do now, papyber ^^ and thanks in advance:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:29:50, on 19/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\kamelovishe\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\kamelovishe\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C83174CB-C13B-425A-B935-2C996FA339E1}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
0
atlantis21 Posts 35 Registration date   Status Member Last activity  
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3703
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

13/02/2010 18:36:27
mbam-log-2010-02-13 (18-36-20).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 153893
Temps écoulé: 1 hour(s), 8 minute(s), 47 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 31

Processus mémoire infecté(s):
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.

Module(s) mémoire infecté(s):
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\mohamed\Bureau\Super Fast Shutdown\shutdown.exe (HackTool.Shutdown) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP46\A0009777.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP47\A0009945.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP47\A0010453.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP47\A0011453.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP48\A0011650.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP48\A0012650.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP48\A0013262.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP49\A0014262.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP49\A0014579.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP49\A0014808.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP50\A0015805.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP50\A0016095.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP51\A0016804.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP51\A0017803.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP52\A0017948.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP52\A0017944.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP52\A0020898.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP56\A0021197.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP56\A0021581.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP58\A0022589.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP59\A0022809.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP59\A0022912.dll (Worm.Mabezat) -> No action taken.
C:\System Volume Information\_restore{A4BBF58B-DA7E-439A-A12C-0BFEC0C7165A}\RP59\A0023912.dll (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\mohamed\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\SYSTEM\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\hook.dl_ (Worm.Mabezat) -> No action taken.
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> No action taken.
C:\autorun.inf (Worm.Mabezat) -> No action taken.
C:\zPharaoh.exe (Worm.Mabezat) -> No action taken.
0
atlantis21 Posts 35 Registration date   Status Member Last activity  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:10, on 13/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Menara\dslmon.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Autorun-inf.lnk = C:\Program Files\Prg Chris\Anti-Autorun.inf\Anti-Autorun.inf.exe
O4 - Startup: _uninstall_setup_9.0.0.722_10.01.2010_15-21.bat
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_2_0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F398C8-0B0E-4AD3-A231-3892785B6457}: NameServer = 62.251.229.223 62.251.229.237
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
0
atlantis21 Posts 35 Registration date   Status Member Last activity  
 
For me, I tried a scan with AVG 9.0 and everything disappeared.
0
maddd
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:35, on 17/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unlocker\Unlocker.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\glalel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\winver.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E1D1490-F29F-4572-9075-FFD35AAEEB30}: NameServer = 62.251.229.223 62.251.229.237
0
maddd
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:14, on 17/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unlocker\Unlocker.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\glalel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\winver.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E1D1490-F29F-4572-9075-FFD35AAEEB30}: NameServer = 62.251.229.223 62.251.229.237
0
skitiwi
 
Hi everyone, I have a TAZEBAMA and a HOOK on my PC. I ran a scan with COMBOFIX but it can't remove them. Here is the scan report. HELP!!!:


ComboFix 10-04-18.04 - skitiwi 19/04/2010 23:59:05.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.535 [GMT 0:00]
Lancé depuis: d:\documents and settings\skitiwi\Mes documents\Téléchargements\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\zPharaoh.exe
D:\autorun.inf
d:\documents and settings.\hook.dl_
d:\documents and settings.\tazebama.dl_
d:\documents and settings.\tazebama.dll
d:\documents and settings\skitiwi\Application Data\msn.exe
d:\documents and settings\skitiwi\Application Data\tazebama
d:\documents and settings\skitiwi\Application Data\tazebama\tazebama.log
d:\documents and settings\skitiwi\Application Data\tazebama\zPharaoh.dat
d:\windows\system32\winxp.exe
D:\zPharaoh.exe
d:\documents and settings.\hook.dl_ . . . . impossible à supprimer
d:\documents and settings.\tazebama.dl_ . . . . impossible à supprimer
d:\documents and settings.\tazebama.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-20 au 2010-04-20 ))))))))))))))))))))))))))))))))))))
.

2010-04-20 00:16 . 2010-04-20 00:18 155531 --sh--r- D:\zPharaoh.exe
2010-04-20 00:16 . 2010-04-20 00:18 -------- d-----w- d:\documents and settings\skitiwi\Application Data\tazebama
2010-04-19 17:09 . 2010-04-19 17:09 -------- d-----w- d:\windows\Sun
2010-04-19 17:06 . 2010-04-19 17:06 -------- d-----w- d:\program files\Fichiers communs\Java
2010-04-19 17:06 . 2010-04-19 17:06 503808 ----a-w- d:\documents and settings\skitiwi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46c81c77-n\msvcp71.dll
2010-04-19 17:06 . 2010-04-19 17:06 499712 ----a-w- d:\documents and settings\skitiwi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46c81c77-n\jmc.dll
2010-04-19 17:06 . 2010-04-19 17:06 348160 ----a-w- d:\documents and settings\skitiwi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46c81c77-n\msvcr71.dll
2010-04-19 17:06 . 2010-04-19 17:06 61440 ----a-w- d:\documents and settings\skitiwi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6801415c-n\decora-sse.dll
2010-04-19 17:06 . 2010-04-19 17:06 12800 ----a-w- d:\documents and settings\skitiwi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6801415c-n\decora-d3d.dll
2010-04-19 17:05 . 2010-04-19 17:05 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-04-19 17:05 . 2010-04-19 17:05 -------- d-----w- d:\program files\Java
2010-04-19 16:50 . 2010-04-20 00:16 32768 ----a-w- d:\documents and settings\tazebama.dll
2010-04-19 15:14 . 2008-09-26 18:01 621056 ----a-w- d:\windows\system32\drivers\mod7700.sys
2010-04-19 15:14 . 2008-09-26 18:01 113664 ----a-w- d:\windows\system32\drivers\ewusbnet.sys
2010-04-19 15:14 . 2008-09-26 18:01 101376 ----a-w- d:\windows\system32\drivers\ewusbmdm.sys
2010-04-19 15:14 . 2008-09-26 18:00 24448 ----a-w- d:\windows\system32\drivers\ewdcsc.sys
2010-04-19 14:38 . 2004-08-05 12:00 46592 -c--a-w- d:\windows\system32\dllcache\svcext51.dll
2010-04-19 14:37 . 2004-08-05 12:00 229439 -c--a-w- d:\windows\system32\dllcache\multibox.dll
2010-04-19 14:36 . 2004-08-05 12:00 10129408 -c--a-w- d:\windows\system32\dllcache\hwxkor.dll
2010-04-19 14:35 . 2004-08-05 12:00 24064 -c--a-w- d:\windows\system32\dllcache\compfilt.dll
2010-04-19 14:34 . 2004-08-05 12:00 68608 -c--a-w- d:\windows\system32\dllcache\isatq.dll
2010-04-19 14:31 . 2004-08-05 12:00 16384 -c--a-w- d:\windows\system32\dllcache\isignup.exe
2010-04-19 13:45 . 2004-08-05 12:00 24661 -c--a-w- d:\windows\system32\dllcache\spxcoins.dll
2010-04-19 13:45 . 2004-08-05 12:00 24661 ----a-w- d:\windows\system32\spxcoins.dll
2010-04-19 13:45 . 2004-08-05 12:00 13312 -c--a-w- d:\windows\system32\dllcache\irclass.dll
2010-04-19 13:45 . 2004-08-05 12:00 13312 ----a-w- d:\windows\system32\irclass.dll
2010-04-17 21:44 . 2010-04-17 21:44 -------- d-----w- d:\program files\SuperCopier
2010-04-16 18:44 . 2008-11-26 17:21 1236208 ----a-w- d:\windows\system32\aswBoot.exe
2010-04-06 20:53 . 2010-04-16 17:40 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software
2010-04-06 17:16 . 2010-04-19 21:56 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-04-06 16:11 . 2010-04-19 15:14 -------- d-----w- d:\program files\Internet Mobile+
2010-04-05 20:15 . 2010-04-09 14:04 -------- d-----w- d:\documents and settings\skitiwi\Local Settings\Application Data\Temp
2010-04-05 20:14 . 2010-04-09 14:02 -------- d-----w- d:\documents and settings\skitiwi\Local Settings\Application Data\Google
2010-04-05 12:07 . 2010-04-05 12:07 -------- d-----w- d:\program files\MSECache
2010-04-03 22:23 . 2010-04-19 16:55 -------- d-----w- d:\documents and settings\skitiwi\Application Data\vlc
2010-04-03 21:39 . 2010-04-19 16:51 2081503 ----a-w- d:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-03 21:15 . 2010-04-03 21:15 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-04-03 21:15 . 2010-04-03 21:15 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee
2010-04-03 21:15 . 2010-04-06 21:47 -------- d-----w- d:\program files\McAfee Security Scan
2010-04-03 21:14 . 2010-04-19 16:51 1182519 ----a-w- d:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-04-03 21:14 . 2010-04-04 12:20 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2010-04-03 16:48 . 2010-04-03 16:48 -------- d-----w- d:\program files\Microsoft
2010-04-03 16:47 . 2010-04-03 16:48 -------- d-----w- d:\program files\Windows Live
2010-04-03 16:09 . 2006-10-26 19:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-03 16:09 . 2006-10-26 19:56 32592 ----a-w- d:\windows\system32\msonpmon.dll
2010-04-03 16:08 . 2010-04-03 16:08 -------- d-----w- d:\program files\Microsoft Works
2010-04-03 16:07 . 2010-04-03 16:07 -------- d-----w- d:\program files\MSBuild
2010-04-03 16:03 . 2010-04-03 16:07 -------- d--h--w- d:\windows\ShellNew
2010-04-03 16:02 . 2010-04-03 16:02 -------- d-----w- d:\documents and settings\skitiwi\Local Settings\Application Data\Microsoft Help
2010-04-03 16:02 . 2010-04-05 12:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-03 16:02 . 2010-04-03 16:02 -------- d-----r- D:\MSOCache
2010-04-03 15:31 . 2010-04-20 00:16 -------- d-----w- d:\documents and settings\skitiwi\Tracing
2010-04-03 15:30 . 2010-04-03 15:30 -------- d-----w- d:\program files\Windows Live SkyDrive
2010-04-03 15:18 . 2010-04-03 15:18 -------- d-----w- d:\program files\MagicISO
2010-04-03 15:17 . 2010-04-07 11:29 -------- d-----w- d:\documents and settings\skitiwi\Local Settings\Application Data\Adobe
2010-04-03 14:49 . 2010-04-03 14:49 -------- d-----w- d:\program files\Fichiers communs\Adobe
2010-04-03 14:48 . 2010-04-03 14:48 -------- d-----w- d:\program files\VideoLAN
2010-04-03 14:22 . 2010-04-03 14:22 -------- d-----w- d:\program files\Fichiers communs\Windows Live
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- d:\program files\ltmoh
2010-04-03 13:44 . 2005-05-03 13:10 68096 ----a-w- d:\windows\agrsmdel.exe
2010-04-03 13:44 . 2010-04-03 13:44 -------- d-----w- d:\windows\Options
2010-04-03 13:42 . 2010-04-19 16:51 267119 ----a-w- d:\windows\system32\cselect.exe
2010-04-03 13:42 . 2005-10-15 15:29 88203 ----a-w- d:\windows\agrsmmsg.exe
2010-04-03 13:42 . 2003-12-05 01:48 77824 ----a-w- d:\windows\system32\tosmreg.exe
2010-04-03 13:42 . 2003-10-31 19:59 45056 ----a-w- d:\windows\system32\csellang.dll
2010-04-03 13:42 . 2005-11-15 18:00 1122656 ----a-w- d:\windows\system32\drivers\AGRSM.sys
2010-04-03 13:34 . 2010-04-19 23:31 -------- d--h--w- d:\windows\$hf_mig$
2010-04-03 13:33 . 2010-04-03 13:33 81920 ----a-w- d:\windows\ALCFDRTM.EXE
2010-04-03 13:14 . 2010-04-19 15:03 68464 ----a-w- d:\documents and settings\skitiwi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-03 13:06 . 2010-04-03 13:06 -------- d-----w- d:\windows\system32\Lang

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 14:50 . 2004-08-05 12:00 71686 ----a-w- d:\windows\system32\perfc00C.dat
2010-04-19 14:50 . 2004-08-05 12:00 458886 ----a-w- d:\windows\system32\perfh00C.dat
2010-04-19 14:30 . 2010-04-03 12:18 23032 ----a-w- d:\windows\system32\emptyregdb.dat
2010-04-16 18:44 . 2010-04-06 20:53 -------- d-----w- d:\program files\Alwil Software
2010-04-13 21:06 . 2010-04-03 12:56 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-04-13 21:04 . 2010-04-13 21:04 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-04-09 18:46 . 2010-04-09 14:07 -------- d-----w- d:\program files\MetaTrader - Alpari UK
2010-04-06 21:47 . 2010-04-06 21:47 -------- d-----w- d:\documents and settings\LocalService\Application Data\McAfee
2010-04-04 14:11 . 2010-04-03 12:21 86331 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 15:17 . 2010-04-03 12:56 -------- d-----w- d:\program files\Fichiers communs\InstallShield
2010-04-03 12:58 . 2010-04-03 12:58 663552 ----a-w- d:\windows\system32\NETw5c32.dll
2010-04-03 12:58 . 2010-04-03 12:58 4202496 ----a-w- d:\windows\system32\drivers\NETw5x32.sys
2010-04-03 12:58 . 2010-04-03 12:58 2756608 ----a-w- d:\windows\system32\NETw5r32.dll
2010-04-03 12:58 . 2010-04-03 12:58 0 ----a-w- d:\windows\nsreg.dat
2010-04-03 12:56 . 2010-04-03 12:56 -------- d-----w- d:\program files\Realtek
2010-04-03 12:55 . 2010-04-03 12:56 86016 ----a-w- d:\windows\SoundMan.exe
2010-04-03 12:55 . 2010-04-03 12:56 364544 ----a-w- d:\windows\RtlUpd.exe
2010-04-03 12:55 . 2010-04-03 12:56 9709568 ----a-w- d:\windows\RTLCPL.exe
2010-04-03 12:55 . 2010-04-03 12:56 4271616 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2010-04-03 12:55 . 2010-04-03 12:56 16206848 ----a-w- d:\windows\RTHDCPL.exe
2010-04-03 12:55 . 2010-04-03 12:56 69632 ----a-w- d:\windows\Alcmtr.exe
2010-04-03 12:55 . 2010-04-03 12:56 2808832 ----a-w- d:\windows\alcwzrd.exe
2010-04-03 12:55 . 2010-04-03 12:56 2158592 ----a-w- d:\windows\MicCal.exe
2010-04-03 12:55 . 2010-04-03 12:57 176 ----a-w- d:\windows\system32\drivers\RTHDAEQ1.dat
2010-04-03 12:55 . 2010-04-03 12:57 176 ----a-w- d:\windows\system32\drivers\RTHDAEQ0.dat
2010-04-03 12:55 . 2010-04-03 12:57 40960 ----a-w- d:\windows\system32\ChCfg.exe
2010-04-03 12:31 . 2010-04-03 12:31 -------- d-----w- d:\program files\HSDPA USB MODEM
2010-04-03 12:22 . 2010-04-03 12:22 -------- d-----w- d:\program files\microsoft frontpage
2010-04-03 12:20 . 2010-04-03 12:20 -------- d-----w- d:\program files\Services en ligne
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-19 4040383]
"Google Update"="d:\documents and settings\skitiwi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-19 292703]
"SuperCopier.exe"="d:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="d:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="d:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-04-19 1109295]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-03 16206848]
"SunJavaUpdateSched"="d:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-04-19 404567]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-05 44544]

d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;d:\windows\system32\drivers\cmusbser.sys [03/04/2010 12:31 97408]
.
Contenu du dossier 'Tâches planifiées'

2010-04-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-115176313-725345543-1003Core.job
- d:\documents and settings\skitiwi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-09 16:56]

2010-04-19 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-115176313-725345543-1003UA.job
- d:\documents and settings\skitiwi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-09 16:56]
.
.
------- Examen supplémentaire -------
.
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {BD73D52F-2C8D-498A-9E90-EC8C55648D81} = 154.15.199.142 8.8.8.8
FF - ProfilePath - d:\documents and settings\skitiwi\Application Data\Mozilla\Firefox\Profiles\vgimt42x.default\
FF - plugin: d:\documents and settings\skitiwi\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- PARAMETRES FIREFOX ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-explo - d:\documents and settings\skitiwi\Application Data\msn.exe
HKLM-Run-regdiit - d:\windows\system32\winxp.exe
ActiveSetup-{14DY8H0U-61A8-2HPH-7865-156WH8P06461} - d:\documents and settings\skitiwi\Application Data\msn.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 00:17
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2860)
d:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\AGRSMMSG.exe
d:\windows\RTHDCPL.EXE
d:\documents and settings\tazebama.dl_
.
**************************************************************************
.
Heure de fin: 2010-04-20 00:23:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-20 00:23
ComboFix2.txt 2010-04-03 15:13

Avant-CF: 31 798 509 568 octets libres
Après-CF: 32 699 805 696 octets libres

- - End Of File - - 3F94FE516A05188C0676989D8DEB7B5A
0
mordjana
 
I followed your steps and here is the report I found:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:04, on 26/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\bendellali\Mes documents\Spycheck\Spycheck AntiSpyware\spycheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\bendellali\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.gdark.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O17 - HKLM\System\CCS\Services\Tcpip\..\{B80800C6-7EA6-416A-95A2-0AAC2DDC75D8}: NameServer = 208.67.222.222 194.2.0.50
0
babounedadi
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:39:06, on 04/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Internet Mobile+\Internet Mobile+.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: Tout télécharger avec BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E6A6FF8-5ECD-4E45-80E4-BD60899DF78F}: NameServer = 154.15.199.142 8.8.8.8
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
0
dedo
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:42:26, on 07/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\IObit\Advanced SystemCare 3\AutoSweep.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\HSPA USB MODEM\ModemListener.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\DeviceHelper\DeviceManager.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windxbgua.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS.0\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tazebama.dl_
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS.0\system32\ntvdm.exe
C:\WINDOWS.0\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Mes documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par 01net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Toolbar BHO - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll
O3 - Toolbar: IObit Toolbar - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [ModemListener] C:\Program Files\HSPA USB MODEM\ModemListener.exe start
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Rechercher - http://edits.myway.com/...
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Fichiers communs\DeviceHelper\DeviceManager.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IObit Toolbar Service (IObitBarService) - IObit - C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe
0
dedo
 
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/12/2010 01:40:46
mbam-log-2010-12-07 (01-39-59).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 241966
Temps écoulé: 41 minute(s), 27 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 88

Processus mémoire infecté(s):
c:\documents and settings\tazebama.dl_ (Worm.Mabezat) -> 3020 -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Documents and Settings\Administrateur\Local Settings\Temp\windxbgua.exe (Backdoor.Agent) -> No action taken.
c:\documents and settings\tazebama.dll1 (Worm.Mabezat) -> No action taken.
c:\documents and settings\admin\yeawl.exe (Heuristics.Shuriken) -> No action taken.
c:\documents and settings\admin\Bureau\~$vis pc chp mediatgb.doc .exe (Trojan.Extension.Exploit) -> No action taken.
c:\documents and settings\admin\Bureau\devis pc chp mediatgb.doc .exe (Trojan.Extension.Exploit) -> No action taken.
c:\documents and settings\administrateur\local settings\Temp\wf6f7a.exe (Backdoor.Agent) -> No action taken.
d:\USB\bon de livraison mci novembre 2010 (2).doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\USB\facture mci novembre 2010 (2).doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\2007.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\bordereau d²envoi-cheque.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\bordereau-cheque.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\ind 2006.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\indemnité de caisse.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\quittanciers 2008.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\royaume du maroc modèle n.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\z06.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\z07.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\Bureau\2007.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\Bureau\bordereau d²envoi-cheque.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\Bureau\bordereau-cheque.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\Bureau\ind 2006.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\Bureau\indemnité de caisse.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\Bureau\quittanciers 2008.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\anlyse des indicateurs de processus.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\avis d'appel d'offre.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\b.c.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\bon.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\centre hospitalier préfectoral.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\delegation.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\doc3.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\effectif du personnel.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\quittus reglement le 18.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\rapport.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\royaume du maroc.doc .exe (Trojan.Extension.Exploit) -> No action taken.
d:\zahra\nazha\cheque versse au tresor.doc .exe (Trojan.Extension.Exploit) -> No action taken.