Posted

Hi Thanos,

I did what you told me with HijackThis and with Nvidia.

Here is the ToolsCleaner result:

 

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

 

--> Recherche:

 

C:\Rsit: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Sécurité\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Sécurité\HijackThis\HijackThis.lnk: trouvé !

C:\Nogash22840N\Combofix.txt: trouvé !

C:\Program Files\MsnFix: trouvé !

C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé !

C:\Program Files\Trend Micro\HijackThis.exe: trouvé !

C:\Program Files\Trend Micro\hijackthis.log: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

C:\WINDOWS\msnfix.txt: trouvé !

C:\WINDOWS\system32\*.msnfix: trouvé !

 

---------------------------------

--> Suppression:

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Sécurité\HijackThis\HijackThis.lnk: supprimé !

C:\Program Files\Trend Micro\HijackThis.exe: supprimé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\Nogash22840N\Combofix.txt: supprimé !

C:\Program Files\Trend Micro\hijackthis.log: supprimé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !

C:\WINDOWS\msnfix.txt: supprimé !

C:\WINDOWS\system32\*.msnfix: ERREUR DE SUPPRESSION !!

C:\Rsit: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Sécurité\HijackThis: supprimé !

C:\Program Files\MsnFix: supprimé !

C:\Program Files\Mozilla Firefox\SmitFraudfix: supprimé !

C:\Program Files\Trend Micro\HijackThis: supprimé !

 

Sauvegarde du registre crée !

____________________________________________________

 

I'm going to update my Java and will get back to you with the other utilities.

See you later

Posted (edited)

Hello again Thanos,

I installed Secunia PSI, and I thought this software also checked whether the computer's drivers were up to date. I'm at 99% protection, so I'm fairly "safe" :P

I installed Cobian Backup, which I think is great. You know, I'm not the one who's short on space on my hard drives. I recounted and I have 2.5 TB in total.

I scheduled backups of the main hard drive, the one with Windows, so C:/ for me, to an external hard drive. I don't have a home network.

I understand the dangers of cracks, keygens... But you know, sometimes buying everything gets heavy on the budget. And since I manage pretty well with computers, I'm usually very careful. So I have a question for you: can Antivir and Malwarebytes detect a virus or something else in an archive I've just downloaded, or in an executable?

So, I was wondering whether I should scan all my hard drives with Antivir or Malwarebytes, or both?

Cabotine

I'm waiting to hear from you to continue cleaning up the tools.

PS: Should I delete the programs that were used for the disinfection? (RSIT, HijackThis, SafebookeyRepair, Toolscleaner, and another thing I renamed that is represented by a syringe)?

Edited by Cabotine
Posted

hi :P

"Can Antivir and Malwarebytes detect a virus or something else in an archive I've just downloaded, or in an executable?"

They can indeed detect it... or not :P If it is a new version of a piece of malware (malware is updated by its creators to get past detection), an antivirus (whichever one it is) can miss an infection. So you are not safe even with an up-to-date security program (even though Antivir is very responsive).

That is one of the reasons we advise against using cracks, etc.

Most paid software has a freeware equivalent: The Gimp, for example, for Photoshop, etc.

"PS: Should I delete the programs that were used for the disinfection? (RSIT, HijackThis, SafebookeyRepair, Toolscleaner, and another thing I renamed that is represented by a syringe)?"

Normally ToolsCleaner has deleted some of the programs we downloaded.

That leaves the following folders, which you can delete: C:\Fyk and C:\MSNCleaner, as well as SafebookeyRepair.

You can also delete ToolsCleaner2 now.

"So, I was wondering whether I should scan all my hard drives with Antivir or Malwarebytes, or both?"

Yes, when you can, run a full scan of the hard drives with Antivir and MBAM (when you are not using the PC).

It is possible that infected files are present on the other drives (especially if you have cracks there).

  • 1 year later...
Posted

hi Cabotine :P

As I told you in the topic you opened, I'm taking over because Gof is busy :P

Regarding the blue screen that appears:

If you don't have time to see the error message displayed, do this =>

Right-click My Computer, then click Properties.

Click the Advanced tab, then under Startup and Recovery, click Settings (or Startup and Recovery).

Under System failure, uncheck the Automatically restart box.

Confirm your choice by clicking the OK button.

That will give you time to note the error message next time (however, you will have to restart the PC manually).

Please run this scan if possible =>

A small additional scan with a program you will be able to keep: if you already have it, skip the installation step and go straight to the update >>

Download Malwarebytes' Anti-Malware (MBAM)

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The analysis starts; the scan is relatively long, which is normal.
  • At the end of the analysis, a message is displayed:
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

Hi, I want to thank you for this help, because I ran into the same problem and I simply did as you explained. Here is my report, and I hope I'm not bothering you. Thanks again.

 

01:18:55 Administrateur MESSAGE Protection started successfully

01:19:06 Administrateur MESSAGE IP Protection started successfully

01:35:21 Administrateur MESSAGE Protection started successfully

01:35:28 Administrateur MESSAGE IP Protection started successfully

01:45:17 Administrateur MESSAGE Protection started successfully

01:45:25 Administrateur MESSAGE IP Protection started successfully

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Version de la base de données: 7194

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

19/07/2011 01:30:37

mbam-log-2011-07-19 (01-30-37).txt

 

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)

Elément(s) analysé(s): 151312

Temps écoulé: 6 minute(s), 57 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 124

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 56

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):


 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):


d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP3\A0000291.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP4\A0000366.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP6\A0000425.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP6\A0000429.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP6\A0001386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP6\A0002386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP7\A0002418.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP7\A0002422.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0002481.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0002485.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0004441.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0005441.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0006438.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0006447.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0007440.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP8\A0007456.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP9\A0007514.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

d:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP9\A0008335.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

f:\hjuu.pif (Trojan.Agent) -> Quarantined and deleted successfully.

f:\SysAnti.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

A second scan

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Version de la base de données: 7194

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

19/07/2011 01:42:04

mbam-log-2011-07-19 (01-42-04).txt

 

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)

Elément(s) analysé(s): 151614

Temps écoulé: 6 minute(s), 0 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\system volume information\_restore{74c46b04-d95b-4cba-924e-430d12a4c772}\RP12\A0022615.EXE (Trojan.FakeMS) -> Quarantined and deleted successfully.

Posted

Hello,

To keep the forum orderly, and to avoid getting the various reports and analysis requests mixed up, you must not post in another member's topic; each procedure is personal and tailor-made.

Create your own topic by clicking the "Start a topic" button.

You will then be looked after personally, with procedures specific to you.

After that, to reply in your topic, use only the Add a Reply button and not "reply", so as not to quote the previous post. Thank you.

See you!
