Recommended posts

Posted

Hello everyone,

I have Avast!, Ad-Aware and SpyBot on my PC and none of them has managed to eradicate the malicious files: Win32 RustNT, WinTiny-II, Win32 Fraudland, and probably others...

I've just read that these 3 programs are fairly useless, so I'm going to install Antivir in place of Avast.

Also, I installed HijackThis and here is the report:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:37:29, on 11/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\osdrive32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wiwow64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\sofatnet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\lsm32.sys
C:\Documents and Settings\Anne-Sophie\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\tajf83ikdmf.dll - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\{0385C041-2879-453C-A351-27A221298B1A}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [jfxdghs] C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\r56y7u.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\osdrive32.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-11SF-N33P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\b.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\osdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ihaupd32.exe
O4 - Startup: ysfsys32.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPro1000.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDB96917-0AE0-468D-9A52-77B1967451BB}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xpqqgkwi - C:\WINDOWS\SYSTEM32\ywdswtr.dll
O22 - SharedTaskScheduler: ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\WINDOWS\system32\sofatnet.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10945 bytes

 

 

I should point out that I don't know how to read the report, so I'm waiting for your instructions.

Thank you for your advice and your help.

Have a good day!
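Reading a HijackThis log by hand is what the helper does in the next reply. The Python script below is an added example for this thread, not part of the original post and not HijackThis code: it applies a few location- and correlation-based heuristics to log lines of the format above to surface the entries worth looking at first. The sample input is a subset of the log posted here; the heuristics, the suspicious-directory list and the Winlogon Notify allow-list are my own assumptions and deliberately incomplete, so they rank entries for review rather than prove anything malicious.

```python
"""Triage heuristics for HijackThis 2.0 log lines (added example)."""
import re
from collections import defaultdict

# Constructed input: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\tajf83ikdmf.dll - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [jfxdghs] C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\r56y7u.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\osdrive32.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008.exe
O4 - HKCU\..\Run: [12CFG214-K641-11SF-N33P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\osdrive32.exe
O20 - Winlogon Notify: xpqqgkwi - C:\WINDOWS\SYSTEM32\ywdswtr.dll
O22 - SharedTaskScheduler: ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O4 registry autostarts look like "HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\(?P<key>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Executable sitting directly in the Windows directory (weak signal: some OEM tools do this too)
WINDIR_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")

# Assumption: directories where an autostart target rarely belongs.
SUSPICIOUS_DIRS = ("\\temp\\", "\\recycler\\", "\\temporary internet files\\")
# Assumption: Winlogon Notify packages present on a default Windows XP install.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def extract_path(section, rest):
    """Best-effort extraction of the file a log entry points at."""
    if section == "O4":
        m = O4_RE.match(rest)
        if m:
            cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", m.group("cmd").strip())
            if cmd.startswith('"'):                      # quoted path, possibly with switches after it
                return cmd[1:cmd.find('"', 1)]
            return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]  # unquoted: cut at the first switch
        # "Startup: file.exe" or "Global Startup: X.lnk = target"
        return rest.split(" = ")[-1].split(": ", 1)[-1].strip()
    i = rest.rfind(":\\")                                # last drive-letter path on the line
    if i < 1:
        return None
    return rest[i - 1:].replace("(file missing)", "").strip()


def parse(log_text):
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            section, rest = m.group(1), m.group(2)
            entries.append({"line": line.strip(), "section": section, "rest": rest,
                            "path": extract_path(section, rest)})
    return entries


def assess(entry):
    """Per-entry heuristics; returns the list of reasons the entry deserves a look."""
    sec, rest, path = entry["section"], entry["rest"], entry["path"]
    low = (path or "").lower()
    reasons = []
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("autostart target lives in a temporary or recycle-bin directory")
    if WINDIR_EXE_RE.match(low):
        reasons.append("executable placed directly in the Windows directory (weak signal)")
    if sec == "O4" and "policies\\explorer\\run" in rest.lower():
        reasons.append("uses the Policies\\Explorer\\Run key, rarely used by legitimate software")
    if "(file missing)" in rest or rest.endswith("(no file)"):
        reasons.append("registered component's file is missing (orphaned or partly removed)")
    if sec == "O23" and path and path.endswith("\\"):
        reasons.append("service ImagePath does not resolve to an executable")
    if sec == "O20":
        name = rest.split(": ", 1)[-1].split(" - ")[0].strip().lower()
        if name not in KNOWN_WINLOGON_NOTIFY:
            reasons.append("Winlogon Notify package is not among the XP defaults")
    return reasons


def triage(log_text):
    """Parse a log, apply per-entry heuristics plus a cross-entry CLSID correlation."""
    entries = parse(log_text)
    clsid_sections = defaultdict(set)
    for e in entries:
        for c in CLSID_RE.findall(e["rest"]):
            clsid_sections[c.upper()].add(e["section"])
    findings = []
    for e in entries:
        reasons = assess(e)
        for c in CLSID_RE.findall(e["rest"]):
            secs = clsid_sections[c.upper()]
            if len(secs) > 1:   # same COM object hooked into several autostart mechanisms
                reasons.append("CLSID %s registered in several sections (%s)" % (c, ", ".join(sorted(secs))))
        if reasons:
            findings.append({"line": e["line"], "section": e["section"], "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    -", r)
```

Run it on a full log by passing the file's text to `triage()`. On the sample it leaves the Java updater, the avast! service and the "XP Antivirus" entry alone (the last one is caught by the helper from its name, which these location-based rules do not look at), and flags the Temp and RECYCLER autostarts, the Policies\Explorer\Run entry, the orphaned toolbar, the unknown Winlogon Notify package, the BITS service with no executable, and the BHO/SharedTaskScheduler pair that share one CLSID.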

Posted

Hello,

Download OTM by OldTimer to the desktop.
Double-click OTM.exe to launch it.
Under Vista, right-click the file -> choose Run as Administrator.
Check that Unregister Dll's and Ocx's is ticked.
* Copy/paste the lines below:

 

:Processes
:Files
c:\windows\system32\wiwow64.exe
c:\windows\system32\pbfrv2.dll
c:\program files\xp antivirus\xpa2008.exe
:Reg
[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"XP Antivirus"=-

[purity]
[emptytemp]
[start explorer]
[Reboot]

 

Go back to OTM,
right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.
* Click the red MoveIt! button
* Close OTM
Your PC will restart.
Go to the folder C:\_OTM\MovedFiles,
open the most recent .log file
and copy/paste its contents into your next reply.

Download MBAM

Plug in all removable media (USB stick, external hard drive, etc.) before running this scan.

If you use Spybot
To disable TeaTimer, which serves no purpose and can make a disinfection fail:
First switch SpyBot to Advanced Mode
-> Advanced options:
-> Mode menu, Advanced Mode.
A column of menus appears on the left:
-> click Tools,
-> click Resident,
In Resident:
-> untick Resident "TeaTimer" to disable it.

* Double-click the Download_mbam-setup.exe icon to start the installation process.
Save it to the desktop.
Close all windows and programs.
Follow the prompts (in particular the language choice and the authorisation to access the Internet).
Do not change any of the default settings and, at the end of the installation,
check that the Update and Launch options are ticked.
MBAM will start automatically and display a message asking to update the program before running a scan.
Click OK to close the dialog box.
* In the "Update" tab, click the Check for updates button:
If the firewall asks whether to allow MBAM to connect, accept.
* Once the update is finished, go to the Scan tab.
* Select "Perform full scan"
* Click "Scan"
* The scan will take some time, be patient!
* At the end, a message will display:
The scan completed successfully.

*If MBAM found nothing, it will say so as well.
Click "OK" to continue.
*Close the browsers.
Click Show results.

*Select all and click Remove selected,
MBAM will delete the files and registry keys and put a copy in quarantine.
Then open Notepad and copy the scan report into it; it can be found under the Reports/logs tab.
* Copy/paste this report into your next reply.

Posted

Hello Pear,

first of all, thank you for your complete and quick reply.
I did what you asked and here are the reports.

Two remarks about MBAM, however:
- when I tried to update, I got an alert message reading: "error ode: 732(0,0)". I then tried manually in the Update tab, but the message appeared again there too, so I ran the scan without the update.
- when the scan finished, 3 files could not be deleted. I imagine you'll be able to find them in the report, but just in case, here are the root keys:
HKEY_CLASSES_ROOT\CLSID\{bf56a...caa53}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVision\Explorer\Bases Helper Objects\{bf56a...caa53}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVision\Explorer\SharedTaskSchedule\{bf56a...caa53}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVision\Winlogon\taskman

In addition, MBAM asked me to restart the PC to delete them, which I did.
I don't know whether they really were deleted, but the computer seems to be doing much better (I can now go on the Internet, since I am using, and had been using, another PC to come and post the message on the forum).

OTM REPORT

 

All processes killed
========== PROCESSES ==========
========== FILES ==========
c:\windows\system32\wiwow64.exe moved successfully.
File/Folder c:\windows\system32\pbfrv2.dll not found.
File/Folder c:\program files\xp antivirus\xpa2008.exe not found.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XP Antivirus deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09112009_123313

Files moved on Reboot...

Registry entries deleted on Reboot...

MBAM REPORT

 

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

11/09/2009 13:34:25
mbam-log-2009-09-11 (13-34-25).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 155794
Temps écoulé: 40 minute(s), 53 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 24
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 94

Processus mémoire infecté(s):
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-11sf-n33p (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n84p (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jfxdghs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Zlob.H) -> Delete on reboot.
c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Worm.Allaple) -> Quarantined and deleted successfully.
C:\oolga.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ppdlmsw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ppyp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\dlwin.exe (Worm.P2P) -> Quarantined and deleted successfully.
C:\dwktudnr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\rjuxs.exe (Trojan.Injector) -> Quarantined and deleted successfully.
C:\vwmugas.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\wfxa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Bureau\setup(2).exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Bureau\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TMA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TMA1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TMC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\018.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\020.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\118.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\i.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\506.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\530.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\552.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\621.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\649.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\667.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\714.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\722.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\906.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\968.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\128.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\178.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\184.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\220.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\249.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\268.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\388.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\484.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\h.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\g.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\29YDEFU1\loaderadv562[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\29YDEFU1\lqm2[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\29YDEFU1\m2[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\C1IJGPIN\qwxhuhvvjw[2].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\C1IJGPIN\fcmmaabo[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\C1IJGPIN\xdajk[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\pr3xy[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\xdajk[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\hdnoo[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\lqm2[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4L2ZOXMR\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4L2ZOXMR\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4L2ZOXMR\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDER8563\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDER8563\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLYJG5QF\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-7666012706-4624794923-166185852-1500\wnzip32.exe (Trojan.Injector) -> Delete on reboot.

C:\_OTM\MovedFiles\09112009_123313\windows\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.

C:\Documents and Settings\Anne-Sophie\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_id.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\785.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\osdrive32.exe (Worm.Palevo) -> Delete on reboot.

C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\620.exe (Trojan.Agent) -> Delete on reboot.


I don't know whether the computer is clean or whether there are still malicious files, but in any case I want to thank you once again for your help!

 

Akil3eS

Posted

Download Avira AntiVir Personal Edition in French

 

NB: the choice of Antivir as the antivirus to use for this procedure was based on the following criteria:

--- weaknesses in your antivirus, which let malware through

--- In Safe Mode, only system processes are started, so infections are easier to remove

--- Antivir can be installed and uninstalled easily

--- Antivir is known for its effectiveness in Safe Mode

....AntiVir does not let Bagle in, unless the user forces its hand to retrieve a crack

 

Recommended settings

Right-click the umbrella--------------------->Configure Antivir

Click Expert mode--------------------------->Scan:

Tick: ------------->Smart file selection

This setting is enabled by default and recommended.

 

Other settings:--->tick everything

-Scan+

Action on positive result:

Tick--------------->:Copy file to quarantine before action:

Primary action....>: Repair (in case it is a corrupted system file)

Secondary action..>: Delete (if there is a detection, you may as well delete it; a backup will be in quarantine)

 

Disable your current antivirus

Restart in Safe Mode.

Run the scan

Post the report

 

Manual updates:

 

then:

 

Re-run Mbam, please, and post the 2 reports.
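As an added example that is not part of any post in this thread, here is a small Python triage script for reports in the Malwarebytes format quoted above: it parses each line, counts detections by family and by location class (startup folder, scheduled task, RECYCLER, temp/cache, system directory), and lists the entries marked "Delete on reboot", which are only gone after a restart. The sample lines are constructed to mirror the posted log, with the username replaced by "User".

```python
import re
from collections import Counter

# Constructed sample lines in the format of the Malwarebytes report posted above
# (username replaced by "User"; detection names and layout mirror the real log).
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\Local Settings\Temp\968.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\osdrive32.exe (Worm.Palevo) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\Temp\620.exe (Trojan.Agent) -> Delete on reboot.
"""

# One report line looks like: "<path> (<detection>) -> <action>."
LINE_RE = re.compile(r"^(?P<path>.*) \((?P<detection>[^()]+)\) -> (?P<action>.*?)\.?$")

# Location classes, checked in order: the first three are persistence or hiding
# spots worth a second look; temp/cache entries are drop zones that refill on re-infection.
LOCATION_RULES = (
    ("startup folder", ("\\démarrage\\", "\\startup\\")),
    ("scheduled task", ("\\windows\\tasks\\",)),
    ("recycler", ("\\recycler\\",)),
    ("temp/cache", ("\\temp\\", "temporary internet files")),
    ("system directory", ("\\windows\\",)),
)

def classify(path):
    """Map a quarantined path to one of the location classes above."""
    low = path.lower()
    for label, needles in LOCATION_RULES:
        if any(n in low for n in needles):
            return label
    return "other"

def parse_report(text):
    """Parse report lines into dicts with path/detection/action; skip non-matching lines."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]

def pending_reboot(entries):
    """Entries the scanner could not delete while running: gone only after a restart."""
    return [e["path"] for e in entries if e["action"].lower() == "delete on reboot"]

def summarize(entries):
    """Counts by detection family and by location class."""
    return {"by_detection": Counter(e["detection"] for e in entries),
            "by_location": Counter(classify(e["path"]) for e in entries)}
```

Run `summarize(parse_report(SAMPLE_REPORT))` to see the breakdown; anything returned by `pending_reboot` should be checked again after the machine has restarted.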
