PC infected by Antispyware Master

keg7373 Posts: 100 Status: Member -
geoffrey5 Posts: 14008 Status: Security contributor -
Hello everyone,

So, my PC has been infected by the infamous Antispyware Master. I know that to start with I need to run a scan with HijackThis, but after that I don't know how to interpret the analysis it produces to find out where the problem comes from. So I wanted to know whether someone can help me if I post my scan.

Thanks in advance,

Keg.

38 replies

  1. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    Hi!!

    Download HijackThis: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

    - once installed, rename it to scan.exe
    - Double-click it
    - Click "Do a system scan and save the log"
    - copy the report and paste it into your reply
    0
  2. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    then:

    Option 1 - Search:

    download SmitFraudFix: http://telechargement.zebulon.fr/smitfraudfix.html

    Unzip the whole smitfraudfix.zip archive.

    Double-click smitfraudfix.cmd
    Select 1 to create a report of the files responsible for the infection.

    copy/paste the report into your reply.
    0
  3. keg7373 Posts: 100 Status: Member 7
     
    Here is the HijackThis report...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:13:18, on 01/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\iftuyszv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\TeamViewer3\TeamViewer.exe
    C:\Documents and Settings\karima\Bureau\scan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
    O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
    O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
    O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
    O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
    O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
    O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
    O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
    O2 - BHO: (no name) - {2f73b0e0-5fef-4ba2-993b-77ef7c168766} - C:\WINDOWS\system32\dcrxif.dll
    O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
    O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
    O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
    O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
    O2 - BHO: (no name) - {6E35CAC6-840B-4ABA-B5C7-FEF2867FA344} - C:\WINDOWS\system32\byXRjijH.dll
    O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
    O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
    O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINDOWS\system32\nnnkLbxu.dll
    O2 - BHO: (no name) - {A438B841-24DC-2A28-F73D-71A2E6994CB6} - C:\WINDOWS\system32\krjcw.dll
    O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
    O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
    O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
    O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
    O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
    O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
    O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
    O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
    O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [d481f6ac] rundll32.exe "C:\WINDOWS\system32\bcrkcpan.dll",b
    O4 - HKLM\..\Run: [BMd7b2c530] Rundll32.exe "C:\WINDOWS\system32\mlvybjnx.dll",s
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Dkjxtky] "C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe"
    O4 - HKCU\..\Run: [Heth] "C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe" -vt ndrv
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://es6-scripts.dlv4.com/binaries/egauth4/egauth4_1052_FR_XP.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: nnnkLbxu - C:\WINDOWS\SYSTEM32\nnnkLbxu.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    0
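As an added illustration of how a log like the one above can be triaged (this is not part of the thread and not a tool used in it), the Python sketch below parses HijackThis entry lines copied from that log and flags entries worth reviewing. The rules and the names `parse_entries` and `triage` are assumptions of this example, and a flag is a prompt to check the entry, not a verdict.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINDOWS\system32\nnnkLbxu.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [d481f6ac] rundll32.exe "C:\WINDOWS\system32\bcrkcpan.dll",b
O20 - Winlogon Notify: nnnkLbxu - C:\WINDOWS\SYSTEM32\nnnkLbxu.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O2 - ..." style entry lines: a letter, one or two digits, " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Absolute path to a DLL anywhere in an entry body.
DLL_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.dll", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body) for every entry line of a HijackThis log."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def triage(log_text):
    """Return (section, reason, detail) tuples for entries that deserve a closer look.

    The rules are this example's assumptions, not HijackThis behaviour.
    """
    findings = []
    dll_sections = defaultdict(set)  # lower-cased DLL path -> sections that load it
    for code, body in parse_entries(log_text):
        for dll in DLL_RE.findall(body):
            dll_sections[dll.lower()].add(code)

        if code == "F2" and "userinit=" in body.lower():
            # Userinit is a comma-separated list; anything besides userinit.exe
            # also runs at every logon.
            value = body.split("=", 1)[1]
            for prog in (p.strip() for p in value.split(",")):
                if prog and not prog.lower().endswith("\\userinit.exe"):
                    findings.append((code, "extra program in Winlogon Userinit", prog))
        elif code == "O2":
            target = body.rsplit(" - ", 1)[-1]
            if target == "(no file)":
                findings.append((code, "BHO registered but its file is missing", body))
            elif body.startswith("BHO: (no name)"):
                findings.append((code, "unnamed BHO", target))
        elif code == "O4" and "rundll32" in body.lower():
            findings.append((code, "autorun starts a DLL through rundll32", body))
        elif code == "O20":
            findings.append((code, "DLL loaded by Winlogon", body.rsplit(" - ", 1)[-1]))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append((code, "service points to a missing file", body))

    # A DLL registered at several load points at once is worth reviewing first.
    for dll, codes in sorted(dll_sections.items()):
        if len(codes) > 1:
            findings.append(("+".join(sorted(codes)),
                             "same DLL registered in several load points", dll))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:7} {reason}: {detail}")
```
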
  4. keg7373 Posts: 100 Status: Member 7
     
    And here is the SmitFraudFix report:

    SmitFraudFix v2.328

    Rapport fait à 14:18:00,20, 01/07/2008
    Executé à partir de C:\Documents and Settings\karima\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\iftuyszv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\uniq PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\accesss.exe PRESENT !
    C:\WINDOWS\astctl32.ocx PRESENT !
    C:\WINDOWS\avpcc.dll PRESENT !
    C:\WINDOWS\clrssn.exe PRESENT !
    C:\WINDOWS\cpan.dll PRESENT !
    C:\WINDOWS\default.htm PRESENT !
    C:\WINDOWS\iexplorer.exe PRESENT !
    C:\WINDOWS\loader.exe PRESENT !
    C:\WINDOWS\mtwirl32.dll PRESENT !
    C:\WINDOWS\notepad32.exe PRESENT !
    C:\WINDOWS\olehelp.exe PRESENT !
    C:\WINDOWS\systeem.exe PRESENT !
    C:\WINDOWS\systemcritical.exe PRESENT !
    C:\WINDOWS\time.exe PRESENT !
    C:\WINDOWS\users32.exe PRESENT !
    C:\WINDOWS\waol.exe PRESENT !
    C:\WINDOWS\win32e.exe PRESENT !
    C:\WINDOWS\win64.exe PRESENT !
    C:\WINDOWS\winajbm.dll PRESENT !
    C:\WINDOWS\window.exe PRESENT !
    C:\WINDOWS\winmgnt.exe PRESENT !
    C:\WINDOWS\x.exe PRESENT !
    C:\WINDOWS\xplugin.dll PRESENT !
    C:\WINDOWS\xxxvideo.hta PRESENT !
    C:\WINDOWS\y.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\karima

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\karima\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\karima\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  6. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    OK, now:

    Option 2 - Cleaning:

    Restart the computer in safe mode (tap F8 during boot to get the startup menu).

    Double-click smitfraudfix.cmd

    Select 2 to delete the files responsible for the infection.

    At the question Voulez-vous nettoyer le registre ? (Do you want to clean the registry?), answer O (yes) in order to unlock the desktop wallpaper and delete the infection's autostart keys.

    The fix will determine whether the wininet.dll file is infected. At the question Corriger le fichier infecté ? (Fix the infected file?), answer O (yes) to replace the corrupted file.

    Restart in normal mode and post the report.

    then:

    download RogueRemover from this address: http://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe

    It is a program in English. If no update is available, the message There are no program updates available appears.

    If any database updates are available, the message There is a newer version of the databases available, please select Download appears.
    Click the OK button.

    Click the Download button in the new window.

    The update downloads and installs; once finished, the Database update complete popup appears.
    Click the OK button.
    The Scan menu starts a scan of the computer

    Programs Targeted opens the list of programs targeted by RogueRemover
    Exclude List lets you exclude programs from removal by RogueRemover
    Check for updates on the right lets you update the software.

    The scan lists the harmful items detected.

    These are checked automatically.

    Just click the Remove Selected button to proceed with the removal.

    A popup asks whether you want to send the scan result to RogueNET. No personal information is sent.
    Click Yes to accept, No to refuse.

    Once the removal is done, a window tells you that a report has been generated.
    It is placed in the RogueRemover folder, by default C:\Program Files\RogueRemover
    Once the cleaning is finished, a report will open in Notepad.

    Copy/paste the report into your reply

    and then:

    Download Malwarebytes to the desktop: http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

    = double-click mbam-setup to start the installation
    = Just install without changing anything
    = When the program has started ==> run an update, then tick Exécuter un examen complet (perform a full scan)
    = Click Rechercher (Scan)
    = If needed, untick the disks that should not be scanned
    = Click Lancer l'examen (Start scan)
    = At the end of the scan, if an infection is found
    ==> Click Afficher résultat (Show results)
    = Close your running applications
    = Check that everything is ticked and click Supprimer la sélection (Remove selected)

    a report opens; copy it and paste it into your reply

    Then restart the PC!!

    And make a new HijackThis report, please
    0
  7. keg7373 Posts: 100 Status: Member 7
     
    Sorry for the time this took, but here, as requested, is the 2nd SmitFraudFix report:

    SmitFraudFix v2.328

    Rapport fait à 16:03:34,64, 01/07/2008
    Executé à partir de C:\Documents and Settings\karima\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\uniq supprimé
    C:\WINDOWS\accesss.exe supprimé
    C:\WINDOWS\astctl32.ocx supprimé
    C:\WINDOWS\avpcc.dll supprimé
    C:\WINDOWS\clrssn.exe supprimé
    C:\WINDOWS\cpan.dll supprimé
    C:\WINDOWS\default.htm supprimé
    C:\WINDOWS\iexplorer.exe supprimé
    C:\WINDOWS\loader.exe supprimé
    C:\WINDOWS\mtwirl32.dll supprimé
    C:\WINDOWS\notepad32.exe supprimé
    C:\WINDOWS\olehelp.exe supprimé
    C:\WINDOWS\systeem.exe supprimé
    C:\WINDOWS\systemcritical.exe supprimé
    C:\WINDOWS\time.exe supprimé
    C:\WINDOWS\users32.exe supprimé
    C:\WINDOWS\waol.exe supprimé
    C:\WINDOWS\win32e.exe supprimé
    C:\WINDOWS\win64.exe supprimé
    C:\WINDOWS\winajbm.dll supprimé
    C:\WINDOWS\window.exe supprimé
    C:\WINDOWS\winmgnt.exe supprimé
    C:\WINDOWS\x.exe supprimé
    C:\WINDOWS\xplugin.dll supprimé
    C:\WINDOWS\xxxvideo.hta supprimé
    C:\WINDOWS\y.exe supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    And now the RogueRemover report:

    Malwarebytes' RogueRemover
    Malwarebytes ©2007 https://www.malwarebytes.com/
    6246 total fingerprints loaded.

    Loading database ...
    Expanding environmental variables ...

    Scanning files ... [ 100% ].
    Scanning folders ... [ 100% ].
    Scanning registry keys ... [ 100% ].
    Scanning registry values ... [ 100% ].

    RogueRemover has detected rogue antispyware components! Results below...

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\WINDOWS\system32\av.cpl
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\WINDOWS\system32\stera.job
    Selected for removal: Yes

    Type: File
    Vendor: Rogue.Misc
    Location: C:\WINDOWS\loader.exe
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\WinAntiVirus Pro 2007\WinAV.xml
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\atl71.dll
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\SpOrder.dll
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\WAPChk.dll
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\activator_info.txt
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\avtasks.dat
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\CookieList.dat
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\history.db
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\PGE.dat
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\Activate.log
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\trfilter.log
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\update.log
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\CustomerEmail
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\CustomerName
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\OID
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\PCID
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Suspicious
    Selected for removal: Yes

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\WinAntiVirus Pro 2007\WinAV.xml
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\atl71.dll
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\SpOrder.dll
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\WAPChk.dll
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\activator_info.txt
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\avtasks.dat
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\CookieList.dat
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\history.db
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\PGE.dat
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\Activate.log
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\trfilter.log
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\update.log
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
    Selected for removal: No

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\WinAntiVirus Pro 2007
    Selected for removal: Yes

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
    Selected for removal: Yes

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007
    Selected for removal: Yes

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007
    Selected for removal: Yes

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs
    Selected for removal: No

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
    Selected for removal: Yes

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
    Selected for removal: Yes

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data
    Selected for removal: No

    Type: Folder
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\WinAntiVirus Pro 2007
    Selected for removal: No

    Type: Folder
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
    Selected for removal: No

    Type: Folder
    Vendor: WinAntiVirus 2007
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007
    Selected for removal: No

    Type: Folder
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007
    Selected for removal: No

    Type: Folder
    Vendor: WinAntiVirus 2007
    Location: C:\Documents and Settings\karima\Application Data\WinAntiVirus Pro 2007\Logs
    Selected for removal: No

    Type: Folder
    Vendor: AntiSpyStorm
    Location: C:\Program Files\AntispyStorm
    Selected for removal: Yes

    Type: Folder
    Vendor: BestsellerAntivirus
    Location: C:\Documents and Settings\All Users\Application Data\SalesMonitor
    Selected for removal: Yes

    Type: Folder
    Vendor: AntiSpywareMaster
    Location: C:\Program Files\AntiSpywareMaster
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2007
    Location: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2007
    Selected for removal: Yes

    RogueRemover has found the objects above.

    I'm now doing the next step, which I'll post in a few moments.
    0
  8. keg7373 Posts 100 Status Member 7
     
    And here is the Anti Malware report:

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 911
    Windows 5.1.2600 Service Pack 2

    17:39:27 01/07/2008
    mbam-log-7-1-2008 (17-39-17).txt

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
    Eléments examinés: 271048
    Temps écoulé: 50 minute(s), 57 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 51
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 115

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> No action taken.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> No action taken.
    HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntivirus) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntivirus) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntivirus) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntivirus) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e49a9fcb-faa9-4c1f-a1c1-54920da2cca4} (Adware.EGDAccess) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
    HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnklbxu (Backdoor.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> No action taken.
    HKEY_CLASSES_ROOT\as_ie_monitor.ie_monitor (Rogue.AntispyStorm) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d481f6ac (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7b2c530 (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

    Dossier(s) infecté(s):
    C:\Program Files\Outerinfo (Adware.Outerinfo) -> No action taken.
    C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> No action taken.
    C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> No action taken.
    C:\Program Files\Network Monitor (Trojan.DNSChanger) -> No action taken.
    C:\Program Files\InetGet2 (Trojan.Downloader) -> No action taken.
    C:\Program Files\MailSkinner (Adware.EGDAccess) -> No action taken.
    C:\WINDOWS\msskinner (Adware.EGDAccess) -> No action taken.
    C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> No action taken.
    C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\HjijRXyb.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\HjijRXyb.ini2 (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\napckrcb.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\wgbmhruw.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\wurhmbgw.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> No action taken.
    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll (Rogue.WinAntivirus) -> No action taken.
    C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> No action taken.
    C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP640\A0438904.exe (Trojan.DownLoader) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446956.exe (Adware.PurityScan) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446957.exe (Trojan.Downloader) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446959.exe (Trojan.DownLoader) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446967.exe (AdWare.CommAd) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446972.exe (Trojan.DNSChanger) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446985.exe (Trojan.DownLoader) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446988.exe (Rogue.AntiSpyMaster) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452001.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452009.dll (AdWare.CommAd) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452010.exe (AdWare.CommAd) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452011.exe (Trojan.DNSChanger) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0453019.exe (Adware.PurityScan) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0454009.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455009.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455022.exe (Trojan.DownLoader) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0455348.exe (Rogue.AntiSpyMaster) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456876.cpl (Rogue.WinAntivirus) -> No action taken.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456886.dll (Rogue.WinAntivirus) -> No action taken.
    C:\WINDOWS\b152.exe (Trojan.Dropper) -> No action taken.
    C:\WINDOWS\b155.exe (Trojan.BHO) -> No action taken.
    C:\WINDOWS\system32\krjcw.dll (Adware.ClickSpring) -> No action taken.
    C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> No action taken.
    C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> No action taken.
    C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> No action taken.
    C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> No action taken.
    C:\Program Files\MailSkinner\anim_0.gif (Adware.EGDAccess) -> No action taken.
    C:\Program Files\MailSkinner\anim_help.gif (Adware.EGDAccess) -> No action taken.
    C:\Program Files\SpyMaxx\ignoreregbase.bin (Rogue.SpyMaxx) -> No action taken.
    C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> No action taken.
    C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> No action taken.
    C:\Program Files\SpyMaxx\uninstall.exe (Rogue.SpyMaxx) -> No action taken.
    C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> No action taken.
    C:\Program Files\SpyMaxx\logs\06.26.08_20_49_56.log (Rogue.SpyMaxx) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
    C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\x.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\y.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> No action taken.
    C:\WINDOWS\default.htm (Trojan.Agent) -> No action taken.
    C:\WINDOWS\svchost32.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\loader.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\internet.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> No action taken.
    C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\system32\mlvybjnx.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\system32\atmtd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> No action taken.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> No action taken.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
    C:\WINDOWS\Downloaded Program Files\EGDAccess.inf (Adware.EGDAccess) -> No action taken.
    C:\WINDOWS\Downloaded Program Files\EGDAccess_ASPIV4.inf (Adware.EGDAccess) -> No action taken.
    C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf (Adware.EGDAccess) -> No action taken.
    C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> No action taken.
    0
  9. keg7373 Posts 100 Status Member 7
     
    Sorry, here is actually the correct report, after removing the selection:

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 911
    Windows 5.1.2600 Service Pack 2

    17:45:27 01/07/2008
    mbam-log-7-1-2008 (17-45-27).txt

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
    Eléments examinés: 271048
    Temps écoulé: 50 minute(s), 57 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 51
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 115

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{4f111ecc-2144-45a5-8de3-c1ab096d53b8} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e49a9fcb-faa9-4c1f-a1c1-54920da2cca4} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a438b841-24dc-2a28-f73d-71a2e6994cb6} (Adware.ClickSpring) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnklbxu (Backdoor.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\as_ie_monitor.ie_monitor (Rogue.AntispyStorm) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d481f6ac (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7b2c530 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Backdoor.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrjijh -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\msskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\byXRjijH.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\HjijRXyb.ini (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\HjijRXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bcrkcpan.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\napckrcb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wgbmhruw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wurhmbgw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\karima\Application Data\??stem32\javaw.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP640\A0438904.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446956.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446957.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446959.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446967.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446972.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446985.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0446988.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452009.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452010.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0452011.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0453019.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0454009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP641\A0455022.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0455348.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456876.cpl (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{25971772-2766-4CD9-8BFA-EE0C679F980B}\RP642\A0456886.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\b152.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\b155.exe (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\krjcw.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner\anim_0.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner\anim_help.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx\ignoreregbase.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx\uninstall.exe (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Program Files\SpyMaxx\logs\06.26.08_20_49_56.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlvybjnx.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnkLbxu.dll (Backdoor.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\EGDAccess.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\EGDAccess_ASPIV4.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    0
  10. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    OK... restart your PC, if you haven't already, to complete the removal by Malwarebytes..

    Then make a new HijackThis report to check, please
    0
  11. keg7373 Posts: 100 Status: Member 7
     
    The HijackThis report after restarting the PC gives this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:18:52, on 01/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe
    C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe
    C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\TeamViewer3\TeamViewer.exe
    C:\Documents and Settings\karima\Bureau\scan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: (no name) - {2f73b0e0-5fef-4ba2-993b-77ef7c168766} - C:\WINDOWS\system32\dcrxif.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [wa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\wa7pcw.exe" -c
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Dkjxtky] "C:\Documents and Settings\karima\Application Data\F?nts\?ttrib.exe"
    O4 - HKCU\..\Run: [Heth] "C:\DOCUME~1\karima\APPLIC~1\STEM32~1\javaw.exe" -vt ndrv
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A02AEE8C-9600-4C8F-B06E-6DB14CEF3FF1}: NameServer = 192.168.1.1
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    0
  12. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    OK... you still have quite a lot left:

    Download ComboFix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the Desktop.

    Disconnect from the internet and close all your applications.

    Disable your protections (antivirus, firewall, the antispyware's real-time guard)

    Double-click combofix.exe and follow the instructions

    When it finishes, it will produce a report, C:\ComboFix.txt

    Re-enable your firewall, your antivirus, and your antispyware's guard

    Copy/paste the report C:\ComboFix.txt into your next reply.

    Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

    There is a complete tutorial here:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  13. keg7373 Posts: 100 Status: Member 7
     
    OK, I'll try to do that. In any case, thank you very much for your help..!!

    I'll post the report in question in my next reply!!
    0
  14. keg7373 Posts: 100 Status: Member 7
     
    Sorry, it's me again...

    Actually, I can't run ComboFix because it tells me the version is out of date, so I tried to look for an update but I can't find one, and I did follow the tutorial, but it makes no difference...

    If you have a solution, thanks in advance!!
    0
  15. keg7373 Posts: 100 Status: Member 7
     
    Same with this one, except that the error is that some files are corrupt..
    0
  16. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    Yes, I know :s

    I've been searching for 15 minutes to find an up-to-date version, but without success.. I'll keep you posted as soon as I find one.. see you later
    0
  17. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    Well, apparently there is no new version for the moment... we'll try another way:

    Download Navilog1 to the desktop: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    If your antivirus raises an alarm, disable it
    = On Vista: right-click the Navilog1 shortcut on the desktop and choose "Run as administrator"
    On XP:

    = double-click it to install and launch it
    Once installed
    = type F
    = press a key until you reach the options
    = choose Search ( = type 1 )
    Do not use the other options without advice; there may be legitimate processes

    A report: fixnavi.txt
    in ==> C:
    Copy it and paste it into your reply
    0
  18. keg7373 Posts: 100 Status: Member 7
     
    And here is the report:

    Search Navipromo version 3.6.0 commencé le 02/07/2008 à 16:29:07,32

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "karima"

    Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\karima\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\azdin\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\karima\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\azdin\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\karima\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\azdin\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\karima\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\azdin\locals~1\applic~1" *

    *** Recherche fichiers ***

    C:\WINDOWS\Downloaded Program Files\egaccess4.inf trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\karima\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\azdin\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le 02/07/2008 à 17:07:41,45 ***
    0
  19. geoffrey5
     
    Hi keg7373!!

    Sorry for replying so late, but I wasn't home these last two days :s

    Shall we continue??

    - Double-click navilog1
    - This time choose option 2 (type 2)
    note: the desktop disappears
    - PC restart in normal mode

    - Put the report in your reply

    Then make a new HijackThis report, please
    0
  20. keg7373 Posts: 100 Status: Member 7
     
    Hi Geoffrey5...

    Sorry for only replying now, but since I hadn't had a reply I left things as they were, because quite a lot of things had already been removed. So thank you for your help!!
    0