Pop-ups/Trojans: need help, please
Closed
Wonsul
-
12 Sept. 2008 at 15:08
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last active: 2 March 2015 - 16 Sept. 2008 at 14:04
9 replies
anthony5151
Posts: 10573 - Registered: Friday 27 June 2008 - Status: Security contributor - Last active: 2 March 2015
790
12 Sept. 2008 at 15:11
Hello,
Download and install Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- At the end of the installation, make sure the "update Malwarebytes' Anti-Malware" option is checked
- Launch Malwarebytes' Anti-Malware, let the updates download, then close the program
Restart in "Safe Mode": restart your computer and tap the F8 key repeatedly until the Windows advanced options menu appears, then select "Safe Mode". Log in to your usual session
Launch Malwarebytes' Anti-Malware
- Then go to the "Scan" tab, check "Perform a full scan", then click "Scan"
- Select your hard drives, then click "Start scan"
- When the scan finishes, click Show results, then Save report
- Removing the detected items --> click Remove selected
- If you are asked to restart, click Yes
Post the scan report here after the removal
Thanks for the quick reply!
Here is the report:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1142
Windows 5.1.2600 Service Pack 2
12/09/2008 16:07:58
mbam-log-2008-09-12 (16-07-53).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 87794
Temps écoulé: 43 minute(s), 19 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 34
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifefetn (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1b275ac6 (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wDeddccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wDeddccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mheaap.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dgsxtmvx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xvmtxsgd.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lpcaps.dll (Trojan.BHO.H) -> No action taken.
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4TYVGPIB\nd82m0[1] (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010445.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010450.exe (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\buodbldr.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fccAQkIx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jvchseom.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> No action taken.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ovjmeivi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM1b275ac6.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM1b275ac6.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
anthony5151
Posts: 10573 - Registered: Friday 27 June 2008 - Status: Security contributor - Last active: 2 March 2015
790
12 Sept. 2008 at 16:14
The report says "No action taken"
Can you post the report that followed the removal? You can find it by relaunching Malwarebytes', under the reports/logs tab
Yes, sorry, here it is:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1142
Windows 5.1.2600 Service Pack 2
12/09/2008 16:08:28
mbam-log-2008-09-12 (16-08-28).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 87794
Temps écoulé: 43 minute(s), 19 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 34
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifefetn (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1b275ac6 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wDeddccf.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wDeddccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mheaap.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgsxtmvx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvmtxsgd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lpcaps.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4TYVGPIB\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010445.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010450.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buodbldr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccAQkIx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvchseom.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovjmeivi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1b275ac6.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1b275ac6.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wDeddccf.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wDeddccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mheaap.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgsxtmvx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvmtxsgd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lpcaps.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4TYVGPIB\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010445.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010450.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buodbldr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccAQkIx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvchseom.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovjmeivi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1b275ac6.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1b275ac6.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
anthony5151
12 Sept. 2008 at 16:25
Did you run this scan in Safe Mode?
1) Download ToolsCleaner to your desktop to clean the computer of all the tools we have used:
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
Run it, click Recherche (Search) and let the scan finish, then click Suppression (Delete) to clean up.
You can also delete the temporary files.
Then delete ToolsCleaner manually (put it in the Recycle Bin).
Restart your computer.
Then download HijackThis to your desktop again: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
Install it, then do the following before launching it (this is important!):
Go to the Start menu --> My Computer --> Local Disk C --> Program Files --> Trend Micro --> Hijackthis --> find hijackthis.exe and right-click it --> rename it to Jack.exe
Then launch it and click "Do a system scan and save a logfile".
Copy and paste the entire report to the forum.
2) Next, we will use ComboFix to finish the disinfection. Be careful, this software is very powerful, and misuse can cause damage...
Do exactly the following:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as ..." ("enregistrer la cible sous ..."): in the window that opens, type C-Fix, choose the desktop as the destination and confirm: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENSES (antivirus, antispyware, firewall) for the duration of the procedure: if left active, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... So you will re-enable them afterwards!!
In your case, that is NOD 32
---> Above all, if you run into difficulties at this stage, tell me before continuing...
Tutorial here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------
Then:
Double-click C-Fix.exe (= combofix.exe).
Press a key to start the scan.
Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it
The report will be created in C:\Combofix.txt; please post it here
Here is the Jack report; I'm continuing with procedure 2),
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:04, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\Jack.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: bambanner browser enhancer - {5a747444-391d-0b1d-e286-e275041f3d04} - C:\WINDOWS\system32\aljmhaufwigrngt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O4 - HKLM\..\Run: [{8b95654c-d415-cb3a-2ae6-8a037aaf4561}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\aljmhaufwigrngt.dll" DllStub
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
And here is the ComboFix report:
ComboFix 08-09-10.04 - Administrateur 2008-09-12 16:38:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.287 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\C-Fix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[2].txt
C:\install\install.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pybmdnms.ini
C:\WINDOWS\system32\rtl60.bpl
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
.
2008-09-12 15:17 . 2008-09-12 15:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 15:17 . 2008-09-12 15:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 15:17 . 2008-09-12 15:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-12 15:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 15:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 14:06 . 2008-09-12 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-12 14:01 . 2008-09-12 14:01 <REP> d-------- C:\Program Files\Yahoo!
2008-09-12 14:00 . 2008-09-12 16:33 <REP> d-------- C:\Program Files\Trend Micro
2008-09-12 13:03 . 2008-09-12 13:03 <REP> d-------- C:\Program Files\ESET
2008-09-12 13:03 . 2008-09-12 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-12 12:55 . 2008-09-12 12:55 <REP> d-------- C:\Program Files\POPUPKILLER
2008-09-12 12:49 . 2008-09-12 12:49 <REP> d-------- C:\Program Files\crocpopup+
2008-09-12 12:49 . 1998-06-24 00:00 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-09-12 11:40 . 2008-09-12 11:40 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-09-12 11:37 . 2008-09-12 11:53 <REP> d--hs---- C:\WINDOWS\Qm9vbXNjdWQ
2008-09-12 11:36 . 2008-09-12 12:49 <REP> d-------- C:\WINDOWS\system32\res
2008-09-12 11:36 . 2008-09-12 13:37 <REP> d-------- C:\WINDOWS\system32\mC19
2008-09-12 11:36 . 2008-09-12 11:36 <REP> d-------- C:\WINDOWS\system32\gui
2008-09-12 11:36 . 2008-09-12 12:32 <REP> d-------- C:\WINDOWS\system32\101
2008-09-12 11:36 . 2008-09-12 11:36 <REP> d-------- C:\Temp\mtc2
2008-09-12 11:36 . 2008-09-12 16:38 <REP> d-------- C:\Temp
2008-09-12 11:36 . 2008-09-12 11:36 71,711 --a------ C:\WINDOWS\system32\gtskdpplyz.exe
2008-09-10 18:35 . 2008-09-10 18:35 <REP> d-------- C:\Program Files\Common Files
2008-09-10 18:35 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-10 18:35 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-09-09 18:30 . 2008-09-09 18:30 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-09-09 18:30 . 2008-09-09 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-09 00:18 . 2008-09-09 13:57 <REP> d-------- C:\Program Files\Silkroad
2008-09-08 22:47 . 2008-09-09 18:32 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-09-08 22:46 . 2008-09-08 22:46 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-08 22:44 . 2008-09-08 22:46 <REP> d-------- C:\Program Files\Windows Live
2008-09-08 22:44 . 2008-09-08 22:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-08 22:43 . 2008-09-08 22:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-08 22:10 . 2008-09-08 22:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-08 22:09 . 2008-09-08 22:09 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-09-08 22:09 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-08 22:06 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-09-08 22:06 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-08 22:06 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-08 22:06 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-08 22:06 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-08 21:57 . 2008-09-08 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-09-08 21:57 . 2008-09-12 11:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Azureus
2008-09-08 21:45 . 2008-09-08 21:45 <REP> d-------- C:\Program Files\Vuze
2008-09-08 19:39 . 2008-09-08 19:39 <REP> d-------- C:\Program Files\Games-Masters.com
2008-09-08 19:22 . 2007-06-27 14:42 207,488 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-09-08 19:21 . 2008-09-08 19:22 <REP> d-------- C:\Program Files\VIA
2008-09-08 19:21 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-09-08 19:18 . 2008-09-08 19:18 <REP> d-------- C:\Program Files\ma-config.com
2008-09-08 19:18 . 2008-09-08 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-08 19:15 . 2008-09-08 19:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-09-08 19:15 . 2008-09-12 11:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-08 19:14 . 2008-09-08 19:14 <REP> d-------- C:\Program Files\Webteh
2008-09-08 19:14 . 2008-09-08 19:15 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
2008-09-08 19:14 . 2008-09-08 19:15 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-09-08 19:12 . 2008-09-08 19:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2008-09-08 19:06 . 2008-09-08 19:06 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-09-08 19:05 . 2008-09-08 19:05 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-08 19:05 . 2008-09-08 19:08 <REP> d-------- C:\Program Files\ATI Technologies
2008-09-08 19:05 . 2005-05-03 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-08 19:05 . 2005-05-04 07:04 299,008 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-09-08 19:05 . 2005-04-08 22:42 87,540 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-09-08 19:05 . 2005-05-02 14:07 5,396 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-09-08 19:04 . 2008-09-08 19:08 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2008-09-08 19:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-08 19:03 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-09-08 19:00 . 2008-09-08 19:00 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-08 19:00 . 2008-09-08 19:00 <REP> d-------- C:\Program Files\Ahead
2008-09-08 19:00 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-09-08 19:00 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-08 19:00 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-08 19:00 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-09-08 19:00 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-09-08 19:00 . 2001-07-09 11:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-09-08 19:00 . 2004-03-03 21:30 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-08 19:00 . 2000-06-26 11:45 106,496 -ra------ C:\WINDOWS\system32\TwnLib20.dll
2008-09-08 19:00 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-09-08 19:00 . 2004-03-03 21:30 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\WINDOWS\system32\aljmhaufwigrngt.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-08 18:45 --------- d-----w C:\Program Files\Google
2008-09-08 16:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-08 16:52 --------- d-----w C:\Program Files\Services en ligne
2005-07-29 14:24 472 --sha-r C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
.
------- Sigcheck -------
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
2008-08-29 14:11 166400 --a------ C:\WINDOWS\system32\aljmhaufwigrngt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 39408]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"="C:\WINDOWS\system32\aljmhaufwigrngt.dll" [2008-08-29 166400]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 16:40:09
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-12 16:41:36
ComboFix-quarantined-files.txt 2008-09-12 14:41:30
Pre-Run: 88,730,087,424 octets libres
Post-Run: 89,702,232,064 octets libres
160
2008-09-08 19:06 . 2008-09-08 19:06 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-09-08 19:05 . 2008-09-08 19:05 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-08 19:05 . 2008-09-08 19:08 <REP> d-------- C:\Program Files\ATI Technologies
2008-09-08 19:05 . 2005-05-03 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-08 19:05 . 2005-05-04 07:04 299,008 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-09-08 19:05 . 2005-04-08 22:42 87,540 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-09-08 19:05 . 2005-05-02 14:07 5,396 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-09-08 19:04 . 2008-09-08 19:08 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2008-09-08 19:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-08 19:03 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-09-08 19:00 . 2008-09-08 19:00 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-08 19:00 . 2008-09-08 19:00 <REP> d-------- C:\Program Files\Ahead
2008-09-08 19:00 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-09-08 19:00 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-08 19:00 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-08 19:00 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-09-08 19:00 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-09-08 19:00 . 2001-07-09 11:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-09-08 19:00 . 2004-03-03 21:30 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-08 19:00 . 2000-06-26 11:45 106,496 -ra------ C:\WINDOWS\system32\TwnLib20.dll
2008-09-08 19:00 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-09-08 19:00 . 2004-03-03 21:30 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\WINDOWS\system32\aljmhaufwigrngt.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-08 18:45 --------- d-----w C:\Program Files\Google
2008-09-08 16:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-08 16:52 --------- d-----w C:\Program Files\Services en ligne
2005-07-29 14:24 472 --sha-r C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
.
------- Sigcheck -------
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
2008-08-29 14:11 166400 --a------ C:\WINDOWS\system32\aljmhaufwigrngt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 39408]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"="C:\WINDOWS\system32\aljmhaufwigrngt.dll" [2008-08-29 166400]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 16:40:09
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-12 16:41:36
ComboFix-quarantined-files.txt 2008-09-12 14:41:30
Pre-Run: 88,730,087,424 octets libres
Post-Run: 89,702,232,064 octets libres
160
anthony5151
Posts
10573
Registration date
Friday 27 June 2008
Status
Security contributor
Last activity
2 March 2015
790
16 Sept. 2008 at 14:04
Sorry for the delay in replying :(
You had not disabled your antivirus during the ComboFix scan! I am going to ask you to run it again; this time, disable it properly...
Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
Copy/paste into Notepad what is between the lines below (without the lines themselves):
----------------------------------------------------------
File::
C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
C:\WINDOWS\system32\aljmhaufwigrngt.dll
C:\WINDOWS\system32\gtskdpplyz.exe
Folder::
C:\WINDOWS\Qm9vbXNjdWQ
C:\Temp\mtc2
C:\WINDOWS\system32\mC19
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"=-
------------------------------------------------------------------
- Save this file on your desktop (and nowhere else!) under the name CFScript.txt
- Close Notepad
- Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix) as shown at this link:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
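Added example (not part of the thread and not ComboFix's own code): a Python function that triages the registry load-point section of a report like the one posted above and flags the entries the CFScript goes on to remove. The name `triage` and the three heuristics are assumptions chosen for illustration; the sample input is a constructed excerpt copied from the report quoted in this thread.

```python
import re

# Constructed sample: lines copied from the ComboFix report quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
2008-08-29 14:11 166400 --a------ C:\WINDOWS\system32\aljmhaufwigrngt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 39408]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"="C:\WINDOWS\system32\aljmhaufwigrngt.dll" [2008-08-29 166400]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]*?)"?\s*(?:\[.*\])?$')  # "name"="data" [date size]
BHO_FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$")  # file line under a BHO key
GUID_RE = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")

def triage(log_text):
    """Return (key, item, reason) findings; assumes BHO keys precede Run keys, as in the report."""
    findings, key, bho_files = [], None, set()
    for line in (l.strip() for l in log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and "Browser Helper Objects" in key and (m := BHO_FILE_RE.match(line)):
            bho_files.add(m.group(1).lower())
        elif key and (m := VALUE_RE.match(line)):
            name, data = m.group(1), m.group(2).strip()
            if key.lower().endswith(r"\currentversion\run"):
                if data.lower().endswith(".dll"):
                    findings.append((key, name, "Run value points at a DLL, not an executable"))
                if GUID_RE.match(name):
                    findings.append((key, name, "Run value name is a GUID"))
                if data.lower() in bho_files:
                    findings.append((key, name, "same file is also registered as a BHO"))
            elif name == "EnableFirewall" and data.startswith("0"):
                findings.append((key, name, "Windows Firewall is disabled"))
    return findings
```

On the sample, the only Run value flagged is the GUID-named one pointing at `aljmhaufwigrngt.dll`, which is the same value and file listed in the CFScript; the two legitimate HKCU entries produce no findings.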