Aidez moi svp Trojan horse Dropper.Agent.IIP

-Lin- -  
 -Lin- -
Bonjour,
J'ai un Trojan horse Dropper.Agent.IIP
et je ne sais pas comment m'en débarrasser
j'ai AVG Free
merci d'avance a ceux qui pourrons me donner quelque conseil et m'aider
Configuration: Windows XP
Firefox 2.0.0.14

78 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Un cheval de Troie Dropper.Agent.IIP infecte un système Windows XP et Firefox et la discussion porte sur les méthodes pour s'en débarrasser, avec AVG Free comme antivirus de base. La recommandation principale est d'exécuter une analyse complète avec Malwarebytes Anti-Malware et de supprimer les éléments détectés, puis de vérifier le rapport final pour assurer l'élimination du dropped payload. D'autres pistes utiles incluent l'utilisation de ComboFix avec un fichier CFScript et l'examen des rapports, tout en restant prudent et en évitant des manipulations risquées sans guide. En cas d'infection persistante, vérifier les paramètres de sécurité et envisager un nettoyage hors ligne, car des composants peuvent persister même après un premier passage, et les scénarios varient selon l'état du système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Bonjour,

    Télécharge HijackThis
    http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    Installe le à la racine de ton disque dur
    Lance HijackThis en double-cliquant sur l'icône HijackThis
    Clique sur Do a system Scan only and Save a Logfile
    Un rapport sera généré dans le bloc-note (le rapport est également situé ici : C:\hijackthis.log)
    Copie/colle le rapport dans ton prochain message.
    0
    1. -Lin-
       
      Mais quand tu dis "a la racine de ton disque dur" c'est a dire ? par defaut ?
      0
  2. Utilisateur anonyme
     
    Ok, j'attends le rapport alors.
    0
  3. Utilisateur anonyme
     
    L'endroit (à la racine du DD ou par défaut) importe peu, ce qu'il faut c'est qu'il ne soit pas dans un dossier temp par exemple.

    Par défaut ce doit être, C:\Program Files\TrendMicro\HijackThis\HijackThis
    Donc c'est bon oui
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. -Lin-
     
    Voila le rapport :

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Aspire Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\D-Link Wireless G DWA-610\AirGCFG.exe
    D:\Logiciels\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Logiciels\Program Files\ICQ 6\ICQ6\ICQ.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: ContextProgram - {E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC} - C:\Program Files\ContextProgram\ContextProgram-2.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-610] C:\Program Files\D-Link\D-Link Wireless G DWA-610\AirGCFG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Logiciels\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "D:\Logiciels\Program Files\Msn\Msn 2008\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ICQ] "D:\Logiciels\Program Files\ICQ 6\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Logiciels\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Logiciels\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Logiciels\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Logiciels\Program Files\ICQ 6\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Logiciels\Program Files\ICQ 6\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    0
  6. Utilisateur anonyme
     
    # Télécharge GenProc sur ton bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
    # Dézippe-le (clique-droit > Extraire ici)
    # Ouvre le nouveau dossier crée et clique sur genproc.bat
    # Copie/colle le rapport
    Aide en images :
    http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
  7. -Lin-
     
    Voila le rapport :

    Rapport GenProc 1.968 [1] effectué le 01/06/2008 à 18:02:31.06 - Windows XP

    # Etape 1/ Télécharge :

    - CCleaner https://www.ccleaner.com/ccleaner/download
    Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

    - rustbfix.exe (ejvindh) http://www.uploads.ejvindh.net/rustbfix.exe et sauvegarde-le sur ton Bureau.

    Double clique sur rustbfix.exe afin de lancer l'outil.
    Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer l'ordi. Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.
    Suite au(x) redémarrage(s), deux rapports s'ouvriront : (C:\avenger.txt & C:\rustbfix\pelog.txt).
    Poste le contenu de ces deux rapports, ainsi qu'un rapport HijackThis http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe
    0
  8. -Lin-
     
    =S euh je suis un peu perdu il faut faire se qu'il y a d'écrit ?
    0
  9. -Lin-
     
    J'ai lancer le 2eme
    mais il me met des messages :
    fatal error : cloud not create services key

    Error code :0
    error logged to errorlog.txt Aborting now

    quesque je doit faire ?
    0
  10. Utilisateur anonyme
     
    On le fera après ça.

    Fais ce que je te demande pour l'instant.
    0
  11. Utilisateur anonyme
     
    Tout dépend le nombre de fichiers à analyser, si tu fais quelque chose d'autres en même temps etc...
    0
  12. -Lin-
     
    voila le rapport :

    Malwarebytes' Anti-Malware 1.14
    Database version: 800

    19:24:07 01/06/2008
    mbam-log-6-1-2008 (19-24-07).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 114091
    Time elapsed: 43 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 21
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 18

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4c1aff62-c4fb-dc22-f1dd-20f26a27ec12} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{926ea0f6-080a-0778-9569-cac35c7f03b8} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e4d1d56c-3ec9-2f5d-faa3-4112ccdd61dc} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4d1d56c-3ec9-2f5d-faa3-4112ccdd61dc} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.browserwatcher (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.browserwatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.pornpro_bho (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.pornpro_bho.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{018fe159-4a56-8237-0211-989634717eb4} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2f560603-a26f-c7e9-5e30-08dba79699c4} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bf798913-adc2-4304-2b4e-876f60917aab} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9f009604-ac89-957d-19a5-5815b478e169} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{e2010c89-dc4c-e7bf-aa56-e826b40072a0} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\ContextProgram.DLL (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\ContextProgram\ContextProgram-2.dll (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\clem\Local Settings\Temp\updC.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\clem\Local Settings\Temp\tem3C.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\clem\Local Settings\Temp\tem40.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\clem\Local Settings\Temp\tem44.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\clem\Local Settings\Temp\upd3.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\wbhshare.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\whieshm.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\ContextProgram\pcre3.dll (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ContextProgram\uninstall.exe (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ContextProgram\ContextProgram.dat (AdWare.Agent) -> Quarantined and deleted successfully.
    0
  13. Utilisateur anonyme
     
    Poste un nouveau rapport HijackThis stp.

    Comment va le PC ?
    0
  • 1
  • 2
  • 3
  • 4