PC infected by Antispyware Master

keg7373 Posts 100 Status Member -
geoffrey5 Posts 14008 Status Security contributor -
Hello everyone,

My PC has been infected by the infamous Antispyware Master.. I know that to start with I need to run a scan with HijackThis, but after that I don't know how to interpret the analysis it produces to find out where the problem comes from. So I wanted to know whether someone can help me if I post my scan..

Thanks in advance,

Keg.
38 replies

geoffrey5 Posts 14008 Status Security contributor 10

Hi!!

Download HijackThis: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

- once installed, rename it to scan.exe
- Double-click it
- Click "Do a system scan and save the log"
- copy the report and paste it into your reply
0
geoffrey5 Posts 14008 Status Security contributor 10

then:

Option 1 - Search:

download smitfraudfix: http://telechargement.zebulon.fr/smitfraudfix.html

Unzip the whole smitfraudfix.zip archive.

Double-click smitfraudfix.cmd
Select 1 to create a report of the files responsible for the infection.

copy/paste the report into your reply.
0
keg7373 Posts 100 Status Member 7

Here is the HijackThis report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:18, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Documents and Settings\karima\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {2f73b0e0-5fef-4ba2-993b-77ef7c168766} - C:\WINDOWS\system32\dcrxif.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {6E35CAC6-840B-4ABA-B5C7-FEF2867FA344} - C:\WINDOWS\system32\byXRjijH.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINDOWS\system32\nnnkLbxu.dll
O2 - BHO: (no name) - {A438B841-24DC-2A28-F73D-71A2E6994CB6} - C:\WINDOWS\system32\krjcw.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [d481f6ac] rundll32.exe "C:\WINDOWS\system32\bcrkcpan.dll",b
O4 - HKLM\..\Run: [BMd7b2c530] Rundll32.exe "C:\WINDOWS\system32\mlvybjnx.dll",s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Dkjxtky] "C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe"
O4 - HKCU\..\Run: [Heth] "C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://es6-scripts.dlv4.com/binaries/egauth4/egauth4_1052_FR_XP.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer = 192.168.1.1
O20 - Winlogon Notify: nnnkLbxu - C:\WINDOWS\SYSTEM32\nnnkLbxu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
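Added example, not part of the thread and not produced by HijackThis: a small Python triage pass over the kind of log posted above, flagging the autostart entries that deserve manual review (extra Userinit programs, unnamed BHOs in system32, rundll32 Run keys, paths with undisplayable characters, Winlogon Notify DLLs, orphaned entries). The function names and heuristics are assumptions made for this illustration, and a flagged line is a lead for a helper to check, not a verdict.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINDOWS\system32\nnnkLbxu.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [d481f6ac] rundll32.exe "C:\WINDOWS\system32\bcrkcpan.dll",b
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Dkjxtky] "C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe"
O20 - Winlogon Notify: nnnkLbxu - C:\WINDOWS\SYSTEM32\nnnkLbxu.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - rest of the line"
WIN_PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll)', re.I)
# File names that live in system32 on Windows XP; elsewhere they suggest masquerading.
SYSTEM32_ONLY = {"svchost.exe", "userinit.exe", "winlogon.exe", "lsass.exe", "services.exe"}


def in_system32(path):
    """True when the file sits directly in C:\\WINDOWS\\system32 (case-insensitive)."""
    return ntpath.dirname(path).lower() == r"c:\windows\system32"


def triage(log_text):
    """Return (section, reason, path) tuples for entries worth a manual review."""
    findings, seen = [], {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                      # header, process list, blank line
        section, body = m.groups()
        paths = WIN_PATH.findall(body)
        first = paths[0] if paths else ""
        for p in paths:
            seen.setdefault(p.lower(), set()).add(section)
            if ntpath.basename(p).lower() in SYSTEM32_ONLY and not in_system32(p):
                findings.append((section, "system file name outside system32", p))

        if section == "F2" and "userinit=" in body.lower():
            # Winlogon runs every program listed in Userinit at logon.
            for p in paths:
                if ntpath.basename(p).lower() != "userinit.exe":
                    findings.append((section, "extra program chained after userinit.exe", p))
        elif section == "F3":
            for p in paths:
                findings.append((section, "autostart through win.ini load=/run=", p))
        elif section == "O2":
            if body.endswith("(no file)"):
                findings.append((section, "orphaned BHO: registry entry without its DLL", ""))
            elif "(no name)" in body and first and in_system32(first):
                findings.append((section, "unnamed BHO loading a DLL from system32", first))
        elif section == "O4":
            for p in paths:
                if "?" in p:              # heuristic: characters the log could not display
                    findings.append((section, "autostart path with undisplayable characters", p))
                elif "rundll32" in body.lower() and in_system32(p):
                    findings.append((section, "Run key starting a system32 DLL via rundll32", p))
        elif section == "O20":
            findings.append((section, "Winlogon Notify DLL (loaded into winlogon.exe)", first))
        elif section == "O23" and "(file missing)" in body:
            findings.append((section, "service whose executable is missing", first))

    # The same file registered at several autostart points is a stronger lead.
    for path, sections in seen.items():
        if len(sections) > 1:
            findings.append(("+".join(sorted(sections)), "file registered at several autostart points", path))
    return findings


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:7} {reason}: {path}")
```
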
keg7373 Posts 100 Status Member 7

And here is the smitfraudfix report:

SmitFraudFix v2.328

Rapport fait à 14:18:00,20, 01/07/2008
Executé à partir de C:\Documents and Settings\karima\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\uniq PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\accesss.exe PRESENT !
C:\WINDOWS\astctl32.ocx PRESENT !
C:\WINDOWS\avpcc.dll PRESENT !
C:\WINDOWS\clrssn.exe PRESENT !
C:\WINDOWS\cpan.dll PRESENT !
C:\WINDOWS\default.htm PRESENT !
C:\WINDOWS\iexplorer.exe PRESENT !
C:\WINDOWS\loader.exe PRESENT !
C:\WINDOWS\mtwirl32.dll PRESENT !
C:\WINDOWS\notepad32.exe PRESENT !
C:\WINDOWS\olehelp.exe PRESENT !
C:\WINDOWS\systeem.exe PRESENT !
C:\WINDOWS\systemcritical.exe PRESENT !
C:\WINDOWS\time.exe PRESENT !
C:\WINDOWS\users32.exe PRESENT !
C:\WINDOWS\waol.exe PRESENT !
C:\WINDOWS\win32e.exe PRESENT !
C:\WINDOWS\win64.exe PRESENT !
C:\WINDOWS\winajbm.dll PRESENT !
C:\WINDOWS\window.exe PRESENT !
C:\WINDOWS\winmgnt.exe PRESENT !
C:\WINDOWS\x.exe PRESENT !
C:\WINDOWS\xplugin.dll PRESENT !
C:\WINDOWS\xxxvideo.hta PRESENT !
C:\WINDOWS\y.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\karima

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\karima\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\karima\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0

geoffrey5 Posts 14008 Status Security contributor 10

OK, now:

Option 2 - Cleaning:

Restart the computer in safe mode (tap F8 repeatedly at boot to get the startup menu).

Double-click smitfraudfix.cmd

Select 2 to delete the files responsible for the infection.

At the question "Voulez-vous nettoyer le registre ?" answer O (oui, i.e. yes) in order to unblock the desktop wallpaper and delete the infection's autostart keys.

The fix will determine whether the wininet.dll file is infected. At the question "Corriger le fichier infecté ?" answer O (oui, i.e. yes) to replace the corrupted file.

Restart in normal mode and post the report.

then:

download RogueRemover from this address: http://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe

It is a program in English. If no update is available, the message There are no program updates available appears.

If updates for the database are available, the message There is a newer version of the databases available, please select Download appears.
Click the OK button.

Click the Download button in the new window.

The update downloads and installs; once it has finished, the Database update complete popup appears.
Click the OK button.
The Scan menu starts a scan of the computer

Programs Targeted opens the list of programs targeted by RogueRemover
Exclude List lets you exclude programs from removal by RogueRemover
Check for updates, on the right, lets you update the software.

The scan lists the harmful items it detected.

These are ticked automatically.

Just click the Remove Selected button to carry out the removal.

A popup asks whether you want to send the scan result to RogueNET. No personal information is sent.
Click Yes to accept, No to decline.

Once the removal is done, a window tells you that a report has been generated.
It is placed in the RogueRemover folder, by default C:\Program Files\RogueRemover
Once the cleaning is finished, a report will open in Notepad.

Copy/paste the report into your reply

and then:

Download Malwarebytes to the desktop: http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

= double-click mbam-setup to start the installation
= Just install without changing anything
= When the program has started ==> run an update, then tick "Exécuter un examen complet" (run a full scan)
= Click "Rechercher" (search)
= If needed, untick the drives that should not be scanned
= Click "Lancer l'examen" (start the scan)
= At the end of the scan, if an infection is found
==> Click "Afficher résultat" (show results)
= Close your running applications
= Check that everything is ticked and click "Supprimer la sélection" (remove selection)

a report opens; copy it and paste it into your reply

Then restart the PC!!

And make a new HijackThis report please
0
keg7373 Posts 100 Status Member 7

Sorry for the time this took, but here, as requested, is the 2nd smitfraudfix report:

SmitFraudFix v2.328

Rapport fait à 16:03:34,64, 01/07/2008
Executé à partir de C:\Documents and Settings\karima\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\uniq supprimé
C:\WINDOWS\accesss.exe supprimé
C:\WINDOWS\astctl32.ocx supprimé
C:\WINDOWS\avpcc.dll supprimé
C:\WINDOWS\clrssn.exe supprimé
C:\WINDOWS\cpan.dll supprimé
C:\WINDOWS\default.htm supprimé
C:\WINDOWS\iexplorer.exe supprimé
C:\WINDOWS\loader.exe supprimé
C:\WINDOWS\mtwirl32.dll supprimé
C:\WINDOWS\notepad32.exe supprimé
C:\WINDOWS\olehelp.exe supprimé
C:\WINDOWS\systeem.exe supprimé
C:\WINDOWS\systemcritical.exe supprimé
C:\WINDOWS\time.exe supprimé
C:\WINDOWS\users32.exe supprimé
C:\WINDOWS\waol.exe supprimé
C:\WINDOWS\win32e.exe supprimé
C:\WINDOWS\win64.exe supprimé
C:\WINDOWS\winajbm.dll supprimé
C:\WINDOWS\window.exe supprimé
C:\WINDOWS\winmgnt.exe supprimé
C:\WINDOWS\x.exe supprimé
C:\WINDOWS\xplugin.dll supprimé
C:\WINDOWS\xxxvideo.hta supprimé
C:\WINDOWS\y.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

And now the RogueRemover report:

Malwarebytes' RogueRemover
Malwarebytes ©2007 https://www.malwarebytes.com/
6246 total fingerprints loaded.

Loading database ...
Expanding environmental variables ...

Scanning files ... [ 100% ].
Scanning folders ... [ 100% ].
Scanning registry keys ... [ 100% ].
Scanning registry values ... [ 100% ].

RogueRemover has detected rogue antispyware components! Results below...

Type: File
Vendor: WinAntiVirus 2006
Location: C:\WINDOWS\system32\av.cpl
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\WINDOWS\system32\stera.job
Selected for removal: Yes

Type: File
Vendor: Rogue.Misc
Location: C:\WINDOWS\loader.exe
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\WinAntiVirus Pro 2007\WinAV.xml
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\atl71.dll
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\SpOrder.dll
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\WAPChk.dll
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\activator_info.txt
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\avtasks.dat
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\CookieList.dat
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\history.db
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\PGE.dat
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\Activate.log
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\trfilter.log
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\update.log
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\CustomerEmail
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\CustomerName
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\OID
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\PCID
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Suspicious
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\WinAntiVirus Pro 2007\WinAV.xml
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\atl71.dll
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\SpOrder.dll
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\WAPChk.dll
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\activator_info.txt
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\avtasks.dat
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\CookieList.dat
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\history.db
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\PGE.dat
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\Activate.log
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\trfilter.log
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\update.log
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
Selected for removal: No

Type: File
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
Selected for removal: No

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Program Files\WinAntiVirus Pro 2007
Selected for removal: Yes

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
Selected for removal: Yes

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007
Selected for removal: Yes

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007
Selected for removal: Yes

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs
Selected for removal: No

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
Selected for removal: Yes

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
Selected for removal: Yes

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data
Selected for removal: No

Type: Folder
Vendor: WinAntiVirus 2007
Location: C:\Program Files\WinAntiVirus Pro 2007
Selected for removal: No

Type: Folder
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
Selected for removal: No

Type: Folder
Vendor: WinAntiVirus 2007
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007
Selected for removal: No

Type: Folder
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007
Selected for removal: No

Type: Folder
Vendor: WinAntiVirus 2007
Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs
Selected for removal: No

Type: Folder
Vendor: AntiSpyStorm
Location: C:\Program Files\AntispyStorm
Selected for removal: Yes

Type: Folder
Vendor: BestsellerAntivirus
Location: C:\Documents and Settings\All Users\Application Data\SalesMonitor
Selected for removal: Yes

Type: Folder
Vendor: AntiSpywareMaster
Location: C:\Program Files\AntiSpywareMaster
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2007
Location: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2007
Selected for removal: Yes

RogueRemover has found the objects above.

I'm now doing the next step, which I'll post in a few moments.
0
keg7373 Posts 100 Status Member 7
 
And here is the Anti-Malware report:

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 911
Windows 5.1.2600 Service Pack 2

17:39:27 01/07/2008
mbam-log-7-1-2008 (17-39-17).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
Eléments examinés: 271048
Temps écoulé: 50 minute(s), 57 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 51
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 115

Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e49a9fcb-faa9-4c1f-a1c1-54920da2cca4} (Adware.EGDAccess) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnklbxu (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> No action taken.
HKEY_CLASSES_ROOT\as_ie_monitor.ie_monitor (Rogue.AntispyStorm) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d481f6ac (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7b2c530 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\Outerinfo (Adware.Outerinfo) -> No action taken.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> No action taken.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> No action taken.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> No action taken.
C:\Program Files\InetGet2 (Trojan.Downloader) -> No action taken.
C:\Program Files\MailSkinner (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\msskinner (Adware.EGDAccess) -> No action taken.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> No action taken.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\HjijRXyb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\HjijRXyb.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\napckrcb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wgbmhruw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wurhmbgw.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> No action taken.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll (Rogue.WinAntivirus) -> No action taken.
C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> No action taken.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP640\A0438904.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446956.exe (Adware.PurityScan) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446957.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446959.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446967.exe (AdWare.CommAd) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446972.exe (Trojan.DNSChanger) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446985.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446988.exe (Rogue.AntiSpyMaster) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452001.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452009.dll (AdWare.CommAd) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452010.exe (AdWare.CommAd) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452011.exe (Trojan.DNSChanger) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0453019.exe (Adware.PurityScan) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0454009.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455009.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455022.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0455348.exe (Rogue.AntiSpyMaster) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456876.cpl (Rogue.WinAntivirus) -> No action taken.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456886.dll (Rogue.WinAntivirus) -> No action taken.
C:\WINDOWS\b152.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\b155.exe (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\krjcw.dll (Adware.ClickSpring) -> No action taken.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> No action taken.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> No action taken.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> No action taken.
C:\Program Files\MailSkinner\anim_0.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\MailSkinner\anim_help.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\SpyMaxx\ignoreregbase.bin (Rogue.SpyMaxx) -> No action taken.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> No action taken.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> No action taken.
C:\Program Files\SpyMaxx\uninstall.exe (Rogue.SpyMaxx) -> No action taken.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> No action taken.
C:\Program Files\SpyMaxx\logs\06.26.08_20_49_56.log (Rogue.SpyMaxx) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\x.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\y.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> No action taken.
C:\WINDOWS\default.htm (Trojan.Agent) -> No action taken.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\loader.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\internet.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> No action taken.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\mlvybjnx.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\atmtd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> No action taken.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
C:\WINDOWS\Downloaded Program Files\EGDAccess.inf (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\Downloaded Program Files\EGDAccess_ASPIV4.inf (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> No action taken.
0
keg7373 Posts 100 Status Member 7
 
Sorry, here is actually the correct report, after removing the selection:

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 911
Windows 5.1.2600 Service Pack 2

17:45:27 01/07/2008
mbam-log-7-1-2008 (17-45-27).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
Eléments examinés: 271048
Temps écoulé: 50 minute(s), 57 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 51
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 115

Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e49a9fcb-faa9-4c1f-a1c1-54920da2cca4} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnklbxu (Backdoor.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\as_ie_monitor.ie_monitor (Rogue.AntispyStorm) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d481f6ac (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7b2c530 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MailSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\msskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\HjijRXyb.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\HjijRXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\napckrcb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgbmhruw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wurhmbgw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP640\A0438904.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446956.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446957.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446959.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446967.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446972.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446985.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446988.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452009.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452010.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452011.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0453019.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0454009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455022.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0455348.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456876.cpl (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456886.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krjcw.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\MailSkinner\anim_0.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MailSkinner\anim_help.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\ignoreregbase.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.exe (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\06.26.08_20_49_56.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlvybjnx.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\EGDAccess.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\EGDAccess_ASPIV4.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
0
geoffrey5 Posts 14008 Status Security contributor 10
 
ok... restart your PC, if you haven't already, to finish the Malwarebytes removal..

then make a new HijackThis report to check, please
0
keg7373 Posts 100 Status Member 7
 
The HijackThis report after restarting the PC gives this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:52, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe
C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Documents and Settings\karima\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {2f73b0e0-5fef-4ba2-993b-77ef7c168766} - C:\WINDOWS\system32\dcrxif.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Dkjxtky] "C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe"
O4 - HKCU\..\Run: [Heth] "C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer = 192.168.1.1
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
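A first-pass triage of the HijackThis log posted above, as an added example that is not part of the original thread and not a tool either participant used. The sample lines are copied from that log; the heuristics (a `?` in a path, autoruns from a profile's Application Data folder, `svchost.exe` outside `system32`, unnamed BHOs, any F-section entry) are assumptions chosen for illustration and only mark entries for human review.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe
C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {2f73b0e0-5fef-4ba2-993b-77ef7c168766} - C:\WINDOWS\system32\dcrxif.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Dkjxtky] "C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe"
O4 - HKCU\..\Run: [Heth] "C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - HKCU\..\Run: ..." -> section code "O4" and the rest of the line
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path in an entry that ends in .exe or .dll
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*<>|]*?\.(?:exe|dll)', re.IGNORECASE)


def path_findings(path):
    """Return review notes for one file path (illustrative heuristics, not verdicts)."""
    p = path.lower()
    notes = []
    if "?" in p:
        # '?' is not valid in a Windows file name, so the real name holds a
        # character the logger could not render.
        notes.append("'?' in path (character the log could not render)")
    if "\\application data\\" in p or "\\applic~1\\" in p:
        notes.append("executable under a user profile's Application Data")
    if p.endswith("\\svchost.exe") and "\\system32\\" not in p:
        notes.append("svchost.exe outside system32")
    return notes


def triage(log_text):
    """Return (section, line, notes) for every log line worth a second look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            section, body = entry.group(1), entry.group(2)
            notes = []
            if section.startswith("F"):
                notes.append("autostart via win.ini/system.ini or its registry mapping")
            if section == "O2" and "(no name)" in body:
                notes.append("BHO without a display name")
            found = PATH_RE.search(body)
            if found:
                notes += path_findings(found.group(0))
        elif in_processes:
            section, notes = "PROC", path_findings(line)
        else:
            continue                      # header or other unclassified line
        if notes:
            findings.append((section, line, notes))
    return findings


if __name__ == "__main__":
    for section, line, notes in triage(SAMPLE_LOG):
        print(f"[{section}] {line}\n      -> " + "; ".join(notes))
```
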
geoffrey5 Posts 14008 Status Security contributor 10
 
ok... you still have quite a few left:

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
keg7373 Posts 100 Status Member 7
 
OK, I'll try to do that, in any case thank you very much for your help..!!

I'll post the report in question in my next reply!!
0
keg7373 Posts 100 Status Member 7
 
Sorry, it's me again...

Actually I can't run ComboFix because it tells me the version is out of date, so I tried to look for an update but I can't find one, and I did follow the tutorial, but that doesn't change anything...

If you have a solution, thanks in advance!!
0
geoffrey5 Posts 14008 Status Security contributor 10
 
try this one: https://forospyware.com
0
keg7373 Posts 100 Status Member 7
 
Same with this one, except that the error is that some files are corrupt..
0
geoffrey5 Posts 14008 Status Security contributor 10
 
yes I know :s

I've been searching for 15 min to find an up-to-date version but without success.. I'll keep you posted as soon as I find one.. see you
0
geoffrey5 Posts 14008 Status Security contributor 10
 
well, apparently there is no new version for the moment... we'll try another way:

download Navilog1 to the desktop: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

If your antivirus panics, disable it
= on Vista: right-click the Navilog1 shortcut on the desktop and choose "Run as administrator"
on XP:

= double-click it to install and launch it
Once installed
= type F
= Press a key until you reach the options
= Choose Search ( = type 1 )
do not use the others without advice, there may be legitimate processes

a report: fixnavi.txt
in ==> C :
copy it and paste it into the reply
0
keg7373 Posts 100 Status Member 7
 
And here is the report:

Search Navipromo version 3.6.0 commencé le 02/07/2008 à 16:29:07,32

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "karima"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\karima\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\azdin\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\karima\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\azdin\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\karima\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\azdin\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\karima\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\azdin\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\Downloaded Program Files\egaccess4.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\karima\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\azdin\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 02/07/2008 à 17:07:41,45 ***
0
geoffrey5
 
Hi keg7373 !!

Sorry for replying so late but I wasn't home these last two days :s

shall we continue??

- Double-click navilog1
- This time choose option 2, type 2
note: the desktop disappears
- Restart the PC in normal mode

- put the report in the reply

then make a new HijackThis report please
0
keg7373 Posts 100 Status Member 7
 
Hi Geoffrey5...

Sorry for only replying now, but actually since I hadn't had a reply I left it as it was, because quite a lot of things had already been removed. So thank you for your help!!
0