virus

20 May at 19:01 #

Hi everyone, avast is detecting a virus on my machine
here is the hijackthis log
Code:
  1.   Logfile of Trend Micro HijackThis v2.0.2
  2.   Scan saved at 18:56:04, on 20/05/2008
  3.   Platform: Windows Vista (WinNT 6.00.1904)
  4.   MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  5.   Boot mode: Normal
  6.   
  7.   Running processes:
  8.   C:\Windows\system32\taskeng.exe
  9.   C:\Windows\system32\Dwm.exe
  10.   C:\Windows\Explorer.EXE
  11.   C:\Program Files\Windows Defender\MSASCui.exe
  12.   C:\hp\support\hpsysdrv.exe
  13.   C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
  14.   C:\Windows\RtHDVCpl.exe
  15.   C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
  16.   C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
  17.   C:\Program Files\Alwil Software\Avast4\ashDisp.exe
  18.   C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  19.   C:\Windows\system32\schtasks.exe
  20.   c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
  21.   C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
  22.   C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
  23.   C:\Program Files\Internet Explorer\ieuser.exe
  24.   C:\hp\kbd\kbd.exe
  25.   C:\Users\FLO\Downloads\HiJackThis.exe
  26.   
  27.   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  28.   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  29.   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  30.   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  31.   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  32.   R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  33.   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  34.   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  35.   R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  36.   O1 - Hosts: ::1 localhost
  37.   O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  38.   O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  39.   O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  40.   O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  41.   O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  42.   O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  43.   O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
  44.   O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
  45.   O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
  46.   O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
  47.   O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  48.   O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
  49.   O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
  50.   O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  51.   O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  52.   O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  53.   O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
  54.   O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
  55.   O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
  56.   O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  57.   O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FLO\AppData\Local\Temp\ddCtSJCu.dll,#1
  58.   O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\FLO\AppData\Local\Temp\xxyxVmlk.dll,c
  59.   O4 - HKCU\..\Run: [109e0892] rundll32.exe "C:\Users\FLO\AppData\Local\Temp\ckpvlkxu.dll",b
  60.   O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
  61.   O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  62.   O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  63.   O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  64.   O13 - Gopher Prefix:
  65.   O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  66.   O17 - HKLM\System\CCS\Services\Tcpip\..\{CC20F442-AA93-475F-9914-2BF402EDDBC3}: NameServer = 192.168.1.1
  67.   O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  68.   O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  69.   O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
  70.   O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  71.   O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  72.   O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  73.   O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
  74.   O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver50\Intel 32\IDriverT.exe
  75.   O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  76.   O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
  77.   O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
  78.   O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared.0\SharedCOM\RoxMediaDB9.exe
  79.   O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
  80.   O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  81.   
  82.   --
  83.   End of file - 6532 bytes


    See you, morinas

    20 May at 19:03 #

    hi
    thanks for replying, but according to the hijackthis log (the site), I'm infected (vundo, I think)
    see you, morinas

    20 May at 20:07 #

    well, if you're infected, run a scan with your antivirus, and when it detects the virus in question, quarantine it, or, if the infected folder isn't too important, delete it

    20 May at 20:55 #

    thanks for your reply
    I've already done that and the virus comes back
    but I'm looking for someone who can analyse my log and tell me whether I'm infected.
    According to the hijackthis site (online analysis), I'm infected.
    see you, morinas

    20 May at 21:12 #

    hi

    Download to the Desktop.
    VundoFix

    = Double-click VundoFix.exe.
    = Click OK
    = Wait for VundoFix to restart
    = Click Scan for Vundo
    = the scan is fairly long; at the end
    = Click Remove Vundo
    = Then yes
    = The Desktop disappears for a moment while the files are being deleted.
    = Shutdown message
    = Click OK
    = Automatic restart

    = copy the report, which is in C:\vundofix.txt
    +
    a new hijack


    20 May at 21:26 #

    hi GS
    vundo found nothing and I don't have the report in C:
    here is the hijackthis report
    Code:
    1.   Logfile of Trend Micro HijackThis v2.0.2
    2.   Scan saved at 21:25:35, on 20/05/2008
    3.   Platform: Windows Vista (WinNT 6.00.1904)
    4.   MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    5.   Boot mode: Normal
    6.   
    7.   Running processes:
    8.   C:\Windows\system32\Dwm.exe
    9.   C:\Windows\Explorer.EXE
    10.   C:\Windows\system32\taskeng.exe
    11.   C:\Program Files\Windows Defender\MSASCui.exe
    12.   C:\hp\support\hpsysdrv.exe
    13.   C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    14.   C:\Windows\RtHDVCpl.exe
    15.   C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    16.   C:\Windows\system32\schtasks.exe
    17.   C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    18.   c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    19.   C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    20.   C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    21.   C:\Windows\System32\mobsync.exe
    22.   C:\hp\kbd\kbd.exe
    23.   C:\Program Files\Internet Explorer\ieuser.exe
    24.   C:\Program Files\Internet Explorer\iexplore.exe
    25.   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    26.   C:\Windows\system32\taskeng.exe
    27.   C:\Windows\system32\SearchFilterHost.exe
    28.   C:\Users\FLO\Desktop\HiJackThis.exe
    29.   
    30.   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    31.   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    32.   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    33.   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    34.   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    35.   R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    36.   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    37.   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    38.   R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    39.   O1 - Hosts: ::1 localhost
    40.   O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    41.   O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    42.   O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    43.   O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    44.   O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    45.   O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    46.   O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    47.   O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    48.   O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    49.   O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    50.   O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    51.   O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    52.   O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    53.   O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    54.   O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    55.   O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    56.   O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
    57.   O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    58.   O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    59.   O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    60.   O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FLO\AppData\Local\Temp\tuvUOgHx.dll,#1
    61.   O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\FLO\AppData\Local\Temp\xxyxVmlk.dll,c
    62.   O4 - HKCU\..\Run: [109e0892] rundll32.exe "C:\Users\FLO\AppData\Local\Temp\aqyexbcd.dll",b
    63.   O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    64.   O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    65.   O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    66.   O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    67.   O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    68.   O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    69.   O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    70.   O13 - Gopher Prefix:
    71.   O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    72.   O17 - HKLM\System\CCS\Services\Tcpip\..\{CC20F442-AA93-475F-9914-2BF402EDDBC3}: NameServer = 192.168.1.1
    73.   O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    74.   O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    75.   O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    76.   O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    77.   O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    78.   O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    79.   O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    80.   O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver50\Intel 32\IDriverT.exe
    81.   O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    82.   O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    83.   O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    84.   O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared.0\SharedCOM\RoxMediaDB9.exe
    85.   O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    86.   O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    87.   
    88.   --
    89.   End of file - 6989 bytes

      20 May at 21:32 #

      Download to the desktop

      Malwarebytes' Anti-Malware

      = double-click mbam-setup to start the installation
      = Just install it without changing anything
      = Once the program is running ==> tick Exécuter un examen complet (run a full scan)
      = Click Rechercher (search)
      = If needed, untick the drives that should not be scanned
      = Click Lancer l'examen (start the scan)
      = At the end of the scan, if an infection was found
      ==> Click Afficher résultat (show results)
      = Close your running applications
      = Check that everything is ticked and click Supprimer la sélection (remove the selection)

      a report opens; copy it and paste it into your reply

      20 May at 22:07 #

      here is the report
      Code:
      1.   Malwarebytes' Anti-Malware 1.12
      2.   Version de la base de données: 770
      3.   
      4.   Type de recherche: Examen complet (C:\|D:\|)
      5.   Eléments examinés: 140710
      6.   Temps écoulé: 16 minute(s), 1 second(s)
      7.   
      8.   Processus mémoire infecté(s): 0
      9.   Module(s) mémoire infecté(s): 0
      10.   Clé(s) du Registre infectée(s): 19
      11.   Valeur(s) du Registre infectée(s): 3
      12.   Elément(s) de données du Registre infecté(s): 0
      13.   Dossier(s) infecté(s): 3
      14.   Fichier(s) infecté(s): 12
      15.   
      16.   Processus mémoire infecté(s):
      17.   (Aucun élément nuisible détecté)
      18.   
      19.   Module(s) mémoire infecté(s):
      20.   (Aucun élément nuisible détecté)
      21.   
      22.   Clé(s) du Registre infectée(s):
      23.   HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      24.   HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      25.   HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      26.   HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      27.   HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      28.   HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      29.   HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      30.   HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      31.   HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      32.   HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      33.   HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      34.   HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      35.   HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      36.   HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      37.   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      38.   HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      39.   HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      40.   HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      41.   HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      42.   
      43.   Valeur(s) du Registre infectée(s):
      44.   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Delete on reboot.
      45.   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
      46.   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\109e0892 (Trojan.Vundo) -> Quarantined and deleted successfully.
      47.   
      48.   Elément(s) de données du Registre infecté(s):
      49.   (Aucun élément nuisible détecté)
      50.   
      51.   Dossier(s) infecté(s):
      52.   C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      53.   C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      54.   C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      55.   
      56.   Fichier(s) infecté(s):
      57.   C:\Users\FLO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N7G6PHO\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      58.   C:\Users\FLO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N7G6PHO\css4[2] (Trojan.Vundo) -> Delete on reboot.
      59.   C:\Users\FLO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWMISQQW\css4[1] (Trojan.Vundo) -> Delete on reboot.
      60.   C:\Users\FLO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D736S7A4\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      61.   C:\Users\FLO\AppData\Local\Temp\bx18dxv.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      62.   C:\Users\FLO\AppData\Local\Temp\mapfrgen.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      63.   C:\Users\FLO\AppData\Local\Temp\printsrv32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      64.   C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      65.   C:\Users\FLO\AppData\Local\Temp\tuvUOgHx.dll (Trojan.Agent) -> Delete on reboot.
      66.   C:\Users\FLO\AppData\Local\Temp\xxyxVmlk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      67.   C:\Users\FLO\AppData\Local\Temp\aqyexbcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      68.   C:\Users\FLO\AppData\Local\Temp\mso11.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


        20 May at 22:13 #

        Well, some cleaning has been done.
        Do another Hjthis, please.
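
Added example (not part of the thread, and not code from HijackThis or Malwarebytes): a Python script that parses the `O4` autorun lines of the two HijackThis logs posted above, flags `Run` values that start a DLL from a Temp folder through `rundll32.exe`, and reports the values whose DLL name changed between the 18:56 and 21:25 scans. The log excerpts are copied from the thread; the function names and the Temp-folder heuristic are assumptions made for this illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Excerpts of the O4 (autorun) lines from the two HijackThis logs in the thread.
SCAN_1856 = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FLO\AppData\Local\Temp\ddCtSJCu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\FLO\AppData\Local\Temp\xxyxVmlk.dll,c
O4 - HKCU\..\Run: [109e0892] rundll32.exe "C:\Users\FLO\AppData\Local\Temp\ckpvlkxu.dll",b
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
"""

SCAN_2125 = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FLO\AppData\Local\Temp\tuvUOgHx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\FLO\AppData\Local\Temp\xxyxVmlk.dll,c
O4 - HKCU\..\Run: [109e0892] rundll32.exe "C:\Users\FLO\AppData\Local\Temp\aqyexbcd.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""


class Autorun(NamedTuple):
    hive: str            # e.g. HKCU, or HKUS\S-1-5-19
    key: str             # Run, RunOnce, ...
    name: str            # registry value name shown in brackets
    command: str         # full command line
    dll: Optional[str]   # DLL handed to rundll32.exe, if any


Key = Tuple[str, str, str]

# "O4 - <hive>\..\<key>: [<name>] <command>", with an optional "57.   " prefix
# such as the one the forum's code widget puts in front of every line.
O4_RE = re.compile(
    r'^\s*(?:\d+\.\s+)?O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+?)\s*$')
# rundll32 [.exe] ["]<path>.dll["],<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)
# Heuristic (assumption of this example): a path component named Temp or Tmp.
TEMP_RE = re.compile(r'\\te?mp\\', re.I)


def parse_autoruns(log_text: str) -> Dict[Key, Autorun]:
    """Return the registry autoruns of a HijackThis log, keyed by hive/key/name."""
    entries: Dict[Key, Autorun] = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue  # not a registry O4 line (e.g. "O4 - Global Startup")
        dll = RUNDLL_RE.match(m['cmd'])
        entry = Autorun(m['hive'], m['key'], m['name'], m['cmd'],
                        dll['dll'] if dll else None)
        entries[(entry.hive, entry.key, entry.name)] = entry
    return entries


def temp_dll_autoruns(entries: Dict[Key, Autorun]) -> List[Autorun]:
    """Autoruns that use rundll32.exe to load a DLL stored in a Temp folder."""
    return [e for e in entries.values() if e.dll and TEMP_RE.search(e.dll)]


def payload_churn(before: Dict[Key, Autorun],
                  after: Dict[Key, Autorun]) -> Dict[str, Tuple[str, str]]:
    """Values present in both scans whose Temp DLL has a different file name."""
    changed: Dict[str, Tuple[str, str]] = {}
    for key, old in before.items():
        new = after.get(key)
        if not (new and old.dll and new.dll and TEMP_RE.search(new.dll)):
            continue
        if old.dll.lower() != new.dll.lower():
            changed[old.name] = (old.dll.rsplit('\\', 1)[-1],
                                 new.dll.rsplit('\\', 1)[-1])
    return changed


if __name__ == '__main__':
    first, second = parse_autoruns(SCAN_1856), parse_autoruns(SCAN_2125)
    for e in temp_dll_autoruns(second):
        print(f'review: {e.hive}\\..\\{e.key} [{e.name}] -> {e.dll}')
    for name, (old, new) in payload_churn(first, second).items():
        print(f'same value, new file: [{name}] {old} -> {new}')
```

The three values it flags are the same `Run` values the Malwarebytes report in the thread lists as Trojan.Agent and Trojan.Vundo.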

        Unless stated otherwise, the content of the blog and the forum is licensed under Creative Commons By-Sa. You may reproduce it provided that you credit the author, link to the original page, and share your derivative works under the same terms.