

david44
-
Thanks, I couldn't find how to mark it as resolved; I'll try to remember for next time.
-
Thanks to everyone, and to notpa: I solved my problem with MDB Viewer Plus. Have a good day, everyone.
-
Hello everyone, I use a .mdb file through an accounting program (EBP). I need to modify a table in the database to unblock part of the program. I only have Access in read-only mode, and I have found the record that is crashing on me, but I cannot save my changes. Do you know of a free and reliable utility to get at the tables and save them in their original format? Thanks in advance.
-
HijackThis report analysis [resolved]
david44 replied to a topic by david44 in Malware analysis and removal
I'm on it, boss! -
HijackThis report analysis [resolved]
david44 replied to a topic by david44 in Malware analysis and removal
Hello, THE PC IS IN GREAT SHAPE. I don't know how to thank you, so I'll say thank you again, and well done for everything you do, and to the other advisers as well. Now that the PC is fine, I'm struggling to catch up on all the time I spent trying to apply your advice. See you, david -
HijackThis report analysis [resolved]
david44 replied to a topic by david44 in Malware analysis and removal
-
HijackThis report analysis [resolved]
david44 replied to a topic by david44 in Malware analysis and removal
-
HijackThis report analysis [resolved]
david44 replied to a topic by david44 in Malware analysis and removal
Hello, I have no further information about the file from the Navilog1 report. Should I run it again before continuing? -
HijackThis report analysis [resolved]
david44 replied to a topic by david44 in Malware analysis and removal
Hello, here are the two reports: -
HijackThis report analysis [resolved]
david44 replied to a topic by david44 in Malware analysis and removal
Well, I think I did what you asked me to (apollo). My PC still restarts on Windows Explorer, and I still haven't got the desktop and the Start menu back. Can you still help me? New HijackThis report -
HijackThis report analysis [solved]
david44 replied to a topic by david44 in Malware analysis and removal
The MBAM report, see you.

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

24/03/2010 14:53:15
mbam-log-2010-03-24 (14-53-15).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 180939
Temps écoulé: 1 hour(s), 41 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Privacy components\tools\sp\sp.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp.tieadvbho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gxqbtmmd (Adware.Navipromo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a732bdcd-4af6-4645-9dcf-2ca1d3803c19}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e1b99f6d-8818-4acc-8a65-51f6de388e67}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\dbu\Application Data\Privacy components (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\dbases (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\keys (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\temp (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Program Files\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Privacy components (Rogue.PrivacyComponents) -> Delete on reboot.
C:\Program Files\Privacy components\tools (Rogue.PrivacyComponents) -> Delete on reboot.
C:\Program Files\Privacy components\tools\sp (Rogue.PrivacyComponents) -> Delete on reboot.
C:\Documents and Settings\dbu\Menu Démarrer\Programmes\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\dbu\Local Settings\Application Data\gxqbtmmd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Local Settings\Application Data\gxqbtmmd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Local Settings\Application Data\gxqbtmmd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Local Settings\Application Data\gxqbtmmd.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\Privacy components\tools\sp\sp.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\dbu\Local Settings\Temp\nsq54.tmp\NSISdl.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Program Files\Privacy components\agent.exe (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Program Files\Privacy components\pc.exe (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Program Files\freshplay\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxsipjoyma.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxoeyxurtq.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\dbases\cg.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\dbases\mw.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\dbases\rd.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\dbases\sc.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\dbases\sm.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\dbases\sp.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\keys\cg.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\keys\rd.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\keys\sc.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\keys\sp.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\temp\settings.ini (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Application Data\Privacy components\temp\spfilter (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\dbu\Menu Démarrer\Programmes\freshplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\U.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-9-6-19-100025980-100029434-100002782-8439.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
HijackThis report analysis [solved]
david44 replied to a topic by david44 in Malware analysis and removal
It has been running for a few minutes now; I'll let you know as soon as it has finished. See you.
HijackThis report analysis [solved]
david44 replied to a topic by david44 in Malware analysis and removal
Maybe I went too fast: I downloaded it for a few € from the official site and I am installing it in French right now. Is that OK?
HijackThis report analysis [solved]
david44 replied to a topic by david44 in Malware analysis and removal
Hi, I can't manage to download Malwarebytes' Anti-Malware (MBAM) with your link. Should I download it from other links on the net? There seem to be pro versions, etc.; I don't know what to do anymore. See you.
HijackThis report analysis [solved]
david44 replied to a topic by david44 in Malware analysis and removal
Hi, here is the WORT report. Can I continue? (By the way, thanks for everything.)

===== Rapport WareOut Removal Tool =====

version 3.6.2

analyse effectuée le 24/03/2010 à 12:02:15.98

Résultats de l'analyse :
========================

~~~~ Recherche d'infections dans C:\ ~~~~

C:\autorun.inf trouvé!
C:\autorun.inf suppression impossible

~~~~ Recherche d'infections dans C:\Program Files\ ~~~~

~~~~ Recherche d'infections dans C:\WINDOWS\system\ ~~~~

~~~~ Recherche d'infections dans C:\WINDOWS\system32\ ~~~~

~~~~ Recherche d'infections dans C:\WINDOWS\system32\drivers\ ~~~~

~~~~ Recherche d'infections dans C:\Documents and Settings\dbu\Application Data\ ~~~~

~~~~ Recherche d'infections dans C:\Documents and Settings\dbu\Bureau\ ~~~~

~~~~ Recherche de détournement de DNS ~~~~

~~~~ Recherche de Rootkits ~~~~

_______________________________________________________________________

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 12:02:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden files ...

C:\WINDOWS\system32\drivers\gaopdxoeyxurtq.sys 75264 bytes executable

~~~~ Tentative de réparation des entrées suivantes: ~~~~

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"
[HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]

~~~~ Vérification: ~~~~

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System REG_SZ

_________________________________

développé par http://pc-system.fr

_________________________________