Spyware infection
Solved/Closed
aeklarhat - Posts: 20 - Registered: Thursday 4 September 2008 - Status: Member - Last activity: 12 October 2008 - 4 Sept. 2008 at 22:47
plm69 - Posts: 527 - Registered: Sunday 27 July 2008 - Status: Member - Last activity: 8 September 2008 - 5 Sept. 2008 at 19:51
15 replies
plm69 - Posts: 527 - Registered: Sunday 27 July 2008 - Status: Member - Last activity: 8 September 2008 - 17 - 5 Sept. 2008 at 18:11
Hi. Download and install Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked >>> click OK
Launch Malwarebytes' Anti-Malware by double-clicking the icon on your Desktop.
On the first launch, a window tells you that the version is Free >>> click OK
Let the updates download
*** Close the program ***
2) Scan with Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
"Scanner" tab >>> check "Perform full scan" >>> Scan, select your hard drives, then click "Scan"
At the end of the scan >>> click "Show results", then "Save report"
Removing the detected items >>>>
Delete what it found; also empty the quarantine
If you are asked to restart >>> click "Yes"
--> A scan report opens; save it to your Desktop and post that report in reply
aeklarhat - Posts: 20 - Registered: Thursday 4 September 2008 - Status: Member - Last activity: 12 October 2008 - 5 Sept. 2008 at 19:27
Hi, I finished the scan and here is the report:
ComboFix 08-09-04.09 - poste08 2008-09-05 17:12:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.690 [GMT 0:00]
Endroit: C:\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\poste08\Cookies\poste08@www.cheapoair[2].txt
C:\f.bat
C:\kk3.bat
C:\ov.cmd
C:\rs.cmd
C:\WINDOWS\config.ini
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\netwbix32.dll
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\skinboxer43.dll
D:\Autorun.inf
D:\f.bat
D:\kk3.bat
D:\ov.cmd
D:\rs.cmd
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
.
2008-09-05 16:57 . 2008-03-04 17:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-05 16:57 . 2008-03-04 17:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-05 16:57 . 2008-03-04 16:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-05 16:57 . 2008-03-04 17:13 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-05 16:57 . 2008-03-04 17:13 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-05 16:57 . 2008-03-04 17:13 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-05 16:57 . 2008-09-05 17:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-05 16:57 . 2008-09-05 16:57 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-05 16:25 . 2008-09-05 16:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 16:25 . 2008-09-05 16:25 <REP> d-------- C:\Documents and Settings\poste08\Application Data\Malwarebytes
2008-09-05 16:25 . 2008-09-05 16:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 16:25 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 16:25 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 16:22 . 2008-09-05 17:14 <REP> d-------- C:\Program Files\FlashGet
2008-09-05 16:22 . 2008-09-05 17:10 <REP> d-------- C:\Downloads
2008-09-05 16:22 . 2004-08-04 03:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-09-05 10:09 . 2008-09-05 10:09 92,213 -r-hs---- C:\ktnquo.exe
2008-09-04 20:35 . 2008-09-05 17:11 <REP> d-------- C:\Program Files\Navilog1
2008-09-02 20:30 . 2008-09-02 20:30 1,456,572 --a------ C:\1.mpeg
2008-09-02 20:22 . 2008-09-02 20:22 4,013,259 --a------ C:\3785_2_clip.wmv
2008-09-02 13:34 . 2008-09-02 13:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 16:22 --------- d-----w C:\Program Files\Google
2008-09-05 16:17 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-05 16:16 --------- d-----w C:\Documents and Settings\poste08\Application Data\DMCache
2008-09-05 16:15 --------- d-----w C:\Documents and Settings\poste08\Application Data\IDM
2008-09-05 15:44 --------- d-----w C:\Documents and Settings\poste08\Application Data\Skype
2008-09-03 14:03 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-02 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-01 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-06 20:47 --------- d-----w C:\Documents and Settings\poste08\Application Data\Grisoft
2008-07-06 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-05 18:24 --------- d-----w C:\Program Files\Trend Micro
2008-07-02 18:27 19,446 ----a-w C:\Documents and Settings\All Users\Application Data\loruhen.bat
2008-07-02 18:27 17,516 ----a-w C:\WINDOWS\ymovor.bin
2008-07-02 18:27 16,408 ----a-w C:\WINDOWS\ifeqeto.scr
2008-07-02 18:27 14,594 ----a-w C:\Documents and Settings\poste08\Application Data\ytaxi.bin
2008-07-02 18:27 14,083 ----a-w C:\WINDOWS\ufatatyf.exe
2008-07-02 18:27 13,016 ----a-w C:\WINDOWS\maliloju.vbs
2008-07-02 18:27 12,433 ----a-w C:\Program Files\Fichiers communs\lagi.dl
2008-07-02 18:27 12,363 ----a-w C:\Program Files\Fichiers communs\utinuxymod.sys
2008-07-02 18:27 10,726 ----a-w C:\Program Files\Fichiers communs\fuzijidup.bat
2008-07-02 18:27 10,340 ----a-w C:\Documents and Settings\All Users\Application Data\vono.pif
2008-06-11 20:37 290,816 ------w C:\WINDOWS\Setup1.exe
2008-06-11 20:36 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
.
------- Sigcheck -------
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\bd2f344a6cea520182f159a127c8f5ad\backup\sp2gdr\tcpip.sys
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\bd2f344a6cea520182f159a127c8f5ad\backup\sp2qfe\tcpip.sys
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 3739672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 8491008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-07 77824]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CcClient.LNK]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\CcClient.LNK
backup=C:\WINDOWS\pss\CcClient.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 01:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-08-21 15:45 888832 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 04:54 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-16 17:07 81920 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
--a------ 2008-05-25 15:56 13268784 C:\Program Files\ooVoo\ooVoo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-07 13:48 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-18 20:53 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-19 09:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2001-10-02 00:42 10752 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-16 17:07 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-06-20 21:42 577536 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"\\\\Serveur\\e\\Phone\\Skype.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:TCP port 443 ooVoo
"443:UDP"= 443:UDP:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:UDP port 37675 ooVoo
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20560]
S3 xAntiArp;xAntiArpSpoof Service;C:\WINDOWS\system32\DRIVERS\xAntiArp.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{088bc33a-1910-11dd-9514-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d470698-1207-11dd-94e5-001bb96bcf1e}]
\Shell\Autoplay\Command - G:\smss.exe
\Shell\AutoRun\command - G:\smss.exe
\Shell\Explore\Command - G:\smss.exe
\Shell\Open\Command - G:\smss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{129cab12-1389-11dd-94ef-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6dcdec-f693-11dc-9417-001bb96bcf1e}]
\Shell\AutoRun\command - F:\ser.com
\Shell\explore\Command - F:\ser.com
\Shell\open\Command - F:\ser.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{244286a4-0f8f-11dd-94d8-001bb96bcf1e}]
\Shell\AutoRun\command - F:\ktnquo.exe
\Shell\explore\Command - F:\ktnquo.exe
\Shell\open\Command - F:\ktnquo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{465bdffe-fa62-11dc-9441-001bb96bcf1e}]
\Shell\AutoRun\command - stw1ojde.bat
\Shell\explore\Command - stw1ojde.bat
\Shell\open\Command - stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0e126-1aa8-11dd-9526-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fd3ff5c-e93f-11db-9823-000000000000}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8320aeba-f808-11dc-942b-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f5e70a-e486-11db-9810-000000000000}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9281a28a-11ec-11dd-94e4-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93e63422-f358-11dc-93f7-001bb96bcf1e}]
\Shell\AutoRun\command - F:\xp19.com
\Shell\explore\Command - F:\xp19.com
\Shell\open\Command - F:\xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a207f724-13c0-11dd-94f3-001bb96bcf1e}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a372cae2-f1a8-11dc-93eb-001bb96bcf1e}]
\Shell\AutoRun\command - F:\kk3.bat
\Shell\explore\Command - F:\kk3.bat
\Shell\open\Command - F:\kk3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaa86392-f916-11dc-9436-001bb96bcf1e}]
\Shell\AutoRun\command - F:\stw1ojde.bat
\Shell\explore\Command - F:\stw1ojde.bat
\Shell\open\Command - F:\stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc91bfae-1cde-11dd-9532-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ec00ca-0f09-11dd-94d2-001bb96bcf1e}]
\Shell\AutoRun\command - F:\ph.com
\Shell\explore\Command - F:\ph.com
\Shell\open\Command - F:\ph.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceeb5382-eab5-11dc-93ba-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceeb5383-eab5-11dc-93ba-001bb96bcf1e}]
\Shell\AutoRun\command - G:\a3g3.bat
\Shell\explore\Command - G:\a3g3.bat
\Shell\open\Command - G:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e8f7b9-f1e2-11dc-93ef-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef6c37c6-e330-11db-980a-000000000000}]
\Shell\AutoRun\command - lcmqm.exe
\Shell\explore\Command - lcmqm.exe
\Shell\open\Command - lcmqm.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2186e68-e6f5-11db-9819-000000000000}]
\Shell\AutoRun\command - F:\ph.com
\Shell\explore\Command - F:\ph.com
\Shell\open\Command - F:\ph.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f95eb0d4-f6ac-11dc-941b-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f95eb0d5-f6ac-11dc-941b-001bb96bcf1e}]
\Shell\AutoRun\command - G:\ser.com
\Shell\explore\Command - G:\ser.com
\Shell\open\Command - G:\ser.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe5baa25-ddad-11db-973a-000000000000}]
\Shell\AutoRun\command - F:\x6.bat
\Shell\explore\Command - F:\x6.bat
\Shell\open\Command - F:\x6.bat
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Explorer_Run-0C2QQ0iTGM - C:\Documents and Settings\All Users\Application Data\bcdanufm\dafydotm.exe
MSConfigStartUp-amva - C:\WINDOWS\system32\amvo.exe
MSConfigStartUp-eocumyuosi - c:\documents and settings\poste08\local settings\application data\eocumyuosi.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Skype - C:\Documents and Settings\poste08\Bureau\Skype.exe
MSConfigStartUp-SweetIM - C:\Program Files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-XP SecurityCenter - C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
MSConfigStartUp-Yahoo! Pager - ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-braviax - braviax.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://fr.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{9725F3BE-D85D-4F35-9057-0B7FE97A9FFD}: NameServer = 192.168.0.1
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://67.198.203.34/talk.cab
C:\WINDOWS\Downloaded Program Files\talk.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.34/ReadUid.CAB
C:\WINDOWS\Downloaded Program Files\ReadUid.INF
C:\WINDOWS\Downloaded Program Files\ReadUid.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 17:15:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-05 17:19:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 17:19:01
Pre-Run: 32,531,361,792 octets libres
Post-Run: 32,701,333,504 octets libres
312 --- E O F --- 2008-03-07 12:18:44
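As an added example (not code from this thread or from the ComboFix tool), a small Python triage script that reads ComboFix-style log text and flags the findings a helper would check first in the report above: Security Center notifications suppressed, the Windows firewall switched off, MountPoints2 autorun handlers pointing at removable drives, and a driver whose MD5 differs between its installed copy and the dllcache copy. The sample log is a constructed excerpt built from lines of this report; the parsing rules are assumptions about ComboFix's output format, not a documented specification.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix code)."""
import re
from collections import defaultdict

# Constructed excerpt in the ComboFix log format; the values are copied from
# the report in this thread, but this is not a complete log.
SAMPLE_LOG = r"""
------- Sigcheck -------
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d470698-1207-11dd-94e5-001bb96bcf1e}]
\Shell\Autoplay\Command - G:\smss.exe
\Shell\AutoRun\command - G:\smss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{129cab12-1389-11dd-94ef-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
"""

# Assumed line shapes (derived from the report above, not a published grammar):
SIGCHECK_RE = re.compile(r"^\S+ \S+ \d+ ([0-9a-f]{32}) (.+)$")   # date time size md5 path
KEY_RE = re.compile(r"^\[(.+)\]$")                                 # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')                  # "name"=value
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\[Cc]ommand - (.+)$")      # \Shell\<verb>\command - target


def triage(log_text):
    """Return a list of (category, detail) findings for a ComboFix-style log."""
    findings = []
    current_key = ""
    md5_by_name = defaultdict(set)  # file name -> set of MD5 values seen for it

    for line in log_text.splitlines():
        line = line.rstrip()

        m = SIGCHECK_RE.match(line)
        if m:
            md5, path = m.groups()
            md5_by_name[path.rsplit("\\", 1)[-1].lower()].add(md5)
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue

        m = VALUE_RE.match(line)
        if m:
            name, value = m.groups()
            # Security Center: *DisableNotify = 1 silences AV/update warnings.
            if "security center" in current_key and name.endswith("DisableNotify") \
                    and value.startswith("dword:00000001"):
                findings.append(("security-center", f"{name} set; Security Center will not warn"))
            # Standard-profile firewall policy with EnableFirewall = 0.
            elif current_key.endswith("firewallpolicy\\standardprofile") \
                    and name == "EnableFirewall" and value.startswith("0"):
                findings.append(("firewall", "Windows Firewall disabled in the standard profile"))
            continue

        m = SHELL_RE.match(line)
        if m and "mountpoints2" in current_key:
            # Per-volume shell handlers: a target on a removable drive or a
            # relative script (wscript.exe .\.vbs) is the autorun-worm pattern.
            verb, target = m.groups()
            guid = current_key.rsplit("\\", 1)[-1]
            findings.append(("autorun", f"{guid} {verb} -> {target}"))

    # Sigcheck: the same file name with more than one hash means one copy was
    # altered (the report above shows drivers\tcpip.sys differing from dllcache).
    for name, hashes in md5_by_name.items():
        if len(hashes) > 1:
            findings.append(("sigcheck", f"{name}: {len(hashes)} different MD5 values"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```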
\Shell\AutoRun\command - G:\smss.exe
\Shell\Explore\Command - G:\smss.exe
\Shell\Open\Command - G:\smss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{129cab12-1389-11dd-94ef-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6dcdec-f693-11dc-9417-001bb96bcf1e}]
\Shell\AutoRun\command - F:\ser.com
\Shell\explore\Command - F:\ser.com
\Shell\open\Command - F:\ser.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{244286a4-0f8f-11dd-94d8-001bb96bcf1e}]
\Shell\AutoRun\command - F:\ktnquo.exe
\Shell\explore\Command - F:\ktnquo.exe
\Shell\open\Command - F:\ktnquo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{465bdffe-fa62-11dc-9441-001bb96bcf1e}]
\Shell\AutoRun\command - stw1ojde.bat
\Shell\explore\Command - stw1ojde.bat
\Shell\open\Command - stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0e126-1aa8-11dd-9526-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fd3ff5c-e93f-11db-9823-000000000000}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8320aeba-f808-11dc-942b-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f5e70a-e486-11db-9810-000000000000}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9281a28a-11ec-11dd-94e4-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93e63422-f358-11dc-93f7-001bb96bcf1e}]
\Shell\AutoRun\command - F:\xp19.com
\Shell\explore\Command - F:\xp19.com
\Shell\open\Command - F:\xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a207f724-13c0-11dd-94f3-001bb96bcf1e}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a372cae2-f1a8-11dc-93eb-001bb96bcf1e}]
\Shell\AutoRun\command - F:\kk3.bat
\Shell\explore\Command - F:\kk3.bat
\Shell\open\Command - F:\kk3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaa86392-f916-11dc-9436-001bb96bcf1e}]
\Shell\AutoRun\command - F:\stw1ojde.bat
\Shell\explore\Command - F:\stw1ojde.bat
\Shell\open\Command - F:\stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc91bfae-1cde-11dd-9532-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ec00ca-0f09-11dd-94d2-001bb96bcf1e}]
\Shell\AutoRun\command - F:\ph.com
\Shell\explore\Command - F:\ph.com
\Shell\open\Command - F:\ph.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceeb5382-eab5-11dc-93ba-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceeb5383-eab5-11dc-93ba-001bb96bcf1e}]
\Shell\AutoRun\command - G:\a3g3.bat
\Shell\explore\Command - G:\a3g3.bat
\Shell\open\Command - G:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e8f7b9-f1e2-11dc-93ef-001bb96bcf1e}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef6c37c6-e330-11db-980a-000000000000}]
\Shell\AutoRun\command - lcmqm.exe
\Shell\explore\Command - lcmqm.exe
\Shell\open\Command - lcmqm.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2186e68-e6f5-11db-9819-000000000000}]
\Shell\AutoRun\command - F:\ph.com
\Shell\explore\Command - F:\ph.com
\Shell\open\Command - F:\ph.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f95eb0d4-f6ac-11dc-941b-001bb96bcf1e}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f95eb0d5-f6ac-11dc-941b-001bb96bcf1e}]
\Shell\AutoRun\command - G:\ser.com
\Shell\explore\Command - G:\ser.com
\Shell\open\Command - G:\ser.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe5baa25-ddad-11db-973a-000000000000}]
\Shell\AutoRun\command - F:\x6.bat
\Shell\explore\Command - F:\x6.bat
\Shell\open\Command - F:\x6.bat
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Explorer_Run-0C2QQ0iTGM - C:\Documents and Settings\All Users\Application Data\bcdanufm\dafydotm.exe
MSConfigStartUp-amva - C:\WINDOWS\system32\amvo.exe
MSConfigStartUp-eocumyuosi - c:\documents and settings\poste08\local settings\application data\eocumyuosi.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Skype - C:\Documents and Settings\poste08\Bureau\Skype.exe
MSConfigStartUp-SweetIM - C:\Program Files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-XP SecurityCenter - C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
MSConfigStartUp-Yahoo! Pager - ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-braviax - braviax.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://fr.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{9725F3BE-D85D-4F35-9057-0B7FE97A9FFD}: NameServer = 192.168.0.1
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://67.198.203.34/talk.cab
C:\WINDOWS\Downloaded Program Files\talk.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.34/ReadUid.CAB
C:\WINDOWS\Downloaded Program Files\ReadUid.INF
C:\WINDOWS\Downloaded Program Files\ReadUid.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 17:15:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-05 17:19:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 17:19:01
Pre-Run: 32,531,361,792 octets libres
Post-Run: 32,701,333,504 octets libres
312 --- E O F --- 2008-03-07 12:18:44
Anonymous user
5 Sept. 2008 at 19:39
Hello
It's still infected, and not just a little!
Apparently people don't master the tools they use :-)
plm69 (527 posts, registered Sunday 27 July 2008, member, last post 8 September 2008)
4 Sept. 2008 at 22:48
Hi, do step 2 with navilog
aeklarhat (20 posts, registered Thursday 4 September 2008, member, last post 12 October 2008)
4 Sept. 2008 at 22:52
It asks me to do it in safe mode, is that normal?
aeklarhat (20 posts, registered Thursday 4 September 2008, member, last post 12 October 2008)
5 Sept. 2008 at 18:10
The spyware has blocked safe mode, and navilog can't do the disinfection unless it's in that mode.
Help me please
aeklarhat (20 posts, registered Thursday 4 September 2008, member, last post 12 October 2008)
5 Sept. 2008 at 18:48
Here is the report:
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1116
Windows 5.1.2600 Service Pack 2
05/09/2008 16:47:20
mbam-log-2008-09-05 (16-47-20).txt
Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 87865
Temps écoulé: 18 minute(s), 56 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 35
Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcv4tj0ej37.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\blphcv4tj0ej37.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\CodecBHO.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2f47836b-d3ab-4fd7-9232-6e01ca1bc3ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{918fdf23-74f2-41d0-99f0-e715869e8f27} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ded40223-b172-484b-9270-a48dd591cfcc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e8c0b5c-6c5b-44b0-8650-4f6c955943f8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5158876a-6cd5-4c40-a154-c90ad289abb2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5158876a-6cd5-4c40-a154-c90ad289abb2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcv4tj0ej37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.94 85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.94 85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{9725f3be-d85d-4f35-9057-0b7fe97a9ffd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.94,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{9725f3be-d85d-4f35-9057-0b7fe97a9ffd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.94,85.255.112.201 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\com (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Application Data\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\poste08\Local Settings\Application Data\iseggmi_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Application Data\iseggmi_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Application Data\iseggmi.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Application Data\saxxrzrai_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Application Data\saxxrzrai_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Application Data\saxxrzrai.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Application Data\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Application Data\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\blphcv4tj0ej37.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcv4tj0ej37.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcv4tj0ej37.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CodecBHO.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\poste08\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité.POSTE08\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
plm69
Messages posted: 527
Registered: Sunday 27 July 2008
Status: Member
Last activity: 8 September 2008
17
5 Sept. 2008 at 18:53
OK, redo option 2 of Navilog.
aeklarhat
Messages posted: 20
Registered: Thursday 4 September 2008
Status: Member
Last activity: 12 October 2008
5 Sept. 2008 at 18:54
Still the same thing: it asks me to do it in safe mode.
aeklarhat
Messages posted: 20
Registered: Thursday 4 September 2008
Status: Member
Last activity: 12 October 2008
5 Sept. 2008 at 19:02
I ran Navilog in safe mode, and here is the report:
Clean Navipromo version 3.6.5 started on 05/09/2008 at 16:58:03,90
Tool run from C:\Program Files\navilog1
Current session: "Administrateur"
Updated on 22.08.2008 at 17h30 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
File system: NTFS
Automatic removal mode
with support for Catchme and GNS results
Cleanup run in safe mode
*** fsbl1.txt not found ***
(Make sure Catchme found nothing during the search)
*** Removal with backups of GenericNaviSearch results ***
* Removal in "C:\WINDOWS\System32" *
* Removal in "C:\Documents and Settings\Administrateur\locals~1\applic~1" *
* Removal in "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *
* Removal in "C:\DOCUME~1\INVIT~1.POS\locals~1\applic~1" *
* Removal in "C:\DOCUME~1\poste08\locals~1\applic~1" *
*** Removing folders in "C:\WINDOWS" ***
*** Removing folders in "C:\Program Files" ***
*** Removing folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Removing folders in "C:\Documents and Settings\All Users\menudm~1" ***
*** Removing folders in "c:\docume~1\alluse~1\applic~1" ***
*** Removing folders in "C:\Documents and Settings\Administrateur\applic~1" ***
*** Removing folders in "C:\DOCUME~1\INVIT~1\applic~1" ***
*** Removing folders in "C:\DOCUME~1\INVIT~1.POS\applic~1" ***
*** Removing folders in "C:\DOCUME~1\poste08\applic~1" ***
*** Removing folders in "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***
*** Removing folders in "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***
*** Removing folders in "C:\DOCUME~1\INVIT~1.POS\locals~1\applic~1" ***
*** Removing folders in "C:\DOCUME~1\poste08\locals~1\applic~1" ***
*** Removing folders in "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***
*** Removing folders in "C:\DOCUME~1\INVIT~1.POS\menudm~1\progra~1" ***
*** Removing folders in "C:\DOCUME~1\poste08\menudm~1\progra~1" ***
*** Removing files ***
*** Removing temporary files ***
Cleanup of C:\WINDOWS\Temp contents done!
Cleanup of C:\Documents and Settings\Administrateur\locals~1\Temp contents done!
*** Additional search processing ***
(Search for specific files)
1) Removal with backups of new Instant Access files:
2) Heuristic search, backup creation and removal:
* In "C:\WINDOWS\system32" *
* In "C:\Documents and Settings\Administrateur\locals~1\applic~1" *
* In "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *
* In "C:\DOCUME~1\INVIT~1.POS\locals~1\applic~1" *
* In "C:\DOCUME~1\poste08\locals~1\applic~1" *
*** Registry backup to Safebackup folder ***
Registry backup completed successfully!
*** Registry cleanup ***
Registry cleanup OK
*** Certificates ***
Egroup certificate absent!
Electronic-Group certificate absent!
Montorgueil certificate absent!
OOO-Favorit certificate absent!
Sunny-Day-Design-Ltdt certificate absent!
*** Suspicious files not removed by Navilog1 ***
!! Possibly legitimate files, check before deleting !!
Suspicious files in "C:\DOCUME~1\poste08\locals~1\applic~1" :
zfoiet.exe found!
*** Cleanup finished on 05/09/2008 at 16:59:38,35 ***
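The two reports in this thread (the MBAM detection list with its Temp droppers and the msliksurserv.sys driver, and the Navilog1 section that leaves zfoiet.exe in place for manual checking) read as flat lists, but the three kinds of hit call for different follow-up. The Python below is an added example written for this page; it is not code from the thread or from either tool. The regexes are written against the line formats visible above (the tool's French "trouvé !" wording is accepted alongside the English translation), the sample report is constructed from lines pasted in the thread, and the priority rules (anything under a Temp directory is transient; anything under system32\drivers or labelled Rootkit.* is kernel-level and means the whole machine must be treated as compromised) are the editor's assumption, not something either tool outputs.

```python
# Added example (not from the thread or from either tool): triage the detection
# lines of a Malwarebytes (MBAM) log together with the "suspicious files" section
# of a Navilog1 (Clean Navipromo) report, so transient droppers, the kernel driver
# and the unconfirmed heuristic hit are not handled as one undifferentiated list.
import re
from collections import Counter
from dataclasses import dataclass

# MBAM line shape, as pasted in the thread: <path> (<threat name>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# Navilog1 prints a directory header, then one "<file> trouvé !" line per hit.
# The English forms are the translation used on this page; the tool writes French.
NAVILOG_DIR_RE = re.compile(r'^(?:Fichiers suspects dans|Suspicious files in) "(?P<dir>[^"]+)"')
NAVILOG_FILE_RE = re.compile(r"^(?P<name>\S+) (?:trouvé !|found!)$")


@dataclass
class Finding:
    path: str
    threat: str
    action: str
    source: str  # "mbam" or "navilog"


def parse_report(text: str) -> list:
    """Extract findings from a pasted report (either tool, or both concatenated)."""
    findings = []
    current_dir = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MBAM_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["threat"], m["action"], "mbam"))
            continue
        m = NAVILOG_DIR_RE.match(line)
        if m:
            current_dir = m["dir"]
            continue
        m = NAVILOG_FILE_RE.match(line)
        if m and current_dir:
            # Navilog1 explicitly leaves these on disk: record them as unverified.
            findings.append(Finding(current_dir + "\\" + m["name"],
                                    "Navilog1 heuristic (unconfirmed)",
                                    "not removed, verify manually", "navilog"))
    return findings


def priority(f: Finding) -> str:
    """Rank by what the location implies about persistence, not by the label alone.

    Assumption used here: a component under system32\\drivers (or anything labelled
    Rootkit.*) ran in kernel mode, so the box must be treated as fully compromised;
    files under a Temp directory are dropper payloads that do not persist by themselves.
    """
    p = f.path.lower()
    if "\\system32\\drivers\\" in p or f.threat.lower().startswith("rootkit"):
        return "high"
    if "\\temp\\" in p:
        return "low"
    return "medium"


def summarize(findings: list) -> dict:
    """Counts per priority and threat, plus the two lists a responder acts on first."""
    return {
        "total": len(findings),
        "by_priority": dict(Counter(priority(f) for f in findings)),
        "by_threat": dict(Counter(f.threat for f in findings)),
        "kernel_components": [f.path for f in findings if priority(f) == "high"],
        "needs_verification": [f.path for f in findings if f.source == "navilog"],
    }


# Constructed sample: a few lines copied from the two reports pasted in this thread.
SAMPLE = r"""
C:\Documents and Settings\poste08\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité.POSTE08\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
*** Suspicious files not removed by Navilog1 ***
!! Possibly legitimate files, check before deleting !!
Suspicious files in "C:\DOCUME~1\poste08\locals~1\applic~1" :
zfoiet.exe found!
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE)
    for f in found:
        print(f"[{priority(f):6}] {f.threat:32} {f.path}")
    print(summarize(found))
```

Run it as a script to print the ranked list for the sample, or pass the whole pasted log to parse_report. On this thread's data the driver comes out as the one high-priority item and zfoiet.exe as the one entry still awaiting a decision, which is the order the follow-up in the thread should take.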
plm69
Messages posted: 527
Registered: Sunday 27 July 2008
Status: Member
Last activity: 8 September 2008
17
5 Sept. 2008 at 19:07
OK,
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report is also located here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and your antispyware, which can seriously interfere with the tool's search and cleanup procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ For the duration of this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.
-> Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
plm69
Messages posted: 527
Registered: Sunday 27 July 2008
Status: Member
Last activity: 8 September 2008
17
5 Sept. 2008 at 19:07
Uninstall Navilog via Start > All Programs.
plm69
Messages posted: 527
Registered: Sunday 27 July 2008
Status: Member
Last activity: 8 September 2008
17
5 Sept. 2008 at 19:32
OK, uninstall ComboFix.
We removed quite a few viruses; do you still have problems?
plm69
Messages posted: 527
Registered: Sunday 27 July 2008
Status: Member
Last activity: 8 September 2008
17
5 Sept. 2008 at 19:51
Uninstall Kaspersky and download the free Avira here: https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
Do an update, then a full scan.