Here is the report from the anti-malware software:
www.malwarebytes.org
Version de la base de données: 7804
Windows 5.1.2600 Service Pack 3, v.5657
Internet Explorer 7.0.5730.13
27/09/2011 05:09:01
mbam-log-2011-09-27 (05-09-01).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 154882
Temps écoulé: 2 minute(s), 28 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790476B6765F5632AF93 (Malware.Trace) -> Value: SRS_IT_E8790476B6765F5632AF93 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1457\system.exe,C:\Documents and Settings\Administrateur\Application Data\bowcav.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,C:\RECYCLER\S-1-5-21-4521074251-7211703373-175759575-4124\csisf.exe,C:\RECYCLER\S-1-5-21-7131274646-2820617136-881382526-7261\csisf.exe,C:\RECYCLER\S-1-5-21-9296776465-9460622971-264913242-1745\csisd.exe,C:\RECYCLER\S-1-5-21-5354115580-2384741323-463725053-1867\csisd.exe,C:\RECYCLER\S-1-5-21-1211609757-4383998352-993153571-4898\csisd.exe,C:\RECYCLER\S-1-5-21-6045905662-6869573976-167443084-8740\csidrv.exe,C:\RECYCLER\S-1-5-21-0696727308-2448750555-882005548-5618\csidrv.exe,C:\RECYCLER\S-1-5-21-2273464656-5681065750-539732056-3215\csidrv.exe,C:\RECYCLER\S-1-5-21-6558871629-6355012451-135137063-3527\csidrv.exe,C:\RECYCLER\S-1-5-21-2214229849-8140363991-971388068-3887\csidrv.exe,C:\RECYCLER\S-1-5-21-1762236604-8756996538-697453850-2136\syscr.exe,C:\RECYCLER\S-1-5-21-0021188857-2609624543-475689740-4138\syscr.exe,C:\RECYCLER\S-1-5-21-1582671520-7739813430-428971954-4327\syscr.exe,C:\RECYCLER\S-1-5-21-4701554798-2733793570-365764071-9734\syscr.exe,C:\RECYCLER\S-1-5-21-4696454274-3572972065-390265237-4927\syscr.exe,C:\RECYCLER\S-1-5-21-9856631588-5008678159-629044109-0971\syscr.exe,C:\RECYCLER\S-1-5-21-0149272805-0241102133-471712551-9386\syscr.exe,C:\RECYCLER\S-1-5-21-3037183806-9703091362-920400447-2176\winmap.exe,C:\Documents and Settings\Administrateur\Application 
Data\oekx.exe,C:\RECYCLER\S-1-5-21-4972289688-1307647452-422906717-9545\winmap.exe,C:\RECYCLER\S-1-5-21-1846635395-8937694028-935166601-0338\syscr.exe,C:\RECYCLER\S-1-5-21-9690344663-3104092284-511224202-6275\syscr.exe,C:\RECYCLER\S-1-5-21-9446638502-9129914309-660005626-8809\syscr.exe,C:\RECYCLER\S-1-5-21-2565731979-4907802738-103158288-6703\syscr.exe,C:\RECYCLER\S-1-5-21-4955135036-4715467502-486379464-1565\syscr.exe,C:\RECYCLER\S-1-5-21-3748154580-5605191022-419351042-0835\syscr.exe,C:\RECYCLER\S-1-5-21-2705746733-1718745903-692526298-3307\syscr.exe,C:\RECYCLER\S-1-5-21-7388038126-5014790569-871387547-7227\syscr.exe,C:\RECYCLER\S-1-5-21-2029373998-7180230923-225093658-8396\syscr.exe,C:\RECYCLER\S-1-5-21-9361099576-3275576918-157838024-8888\syscr.exe,C:\RECYCLER\S-1-5-21-6545351075-8798928580-857390543-8602\syscr.exe,C:\RECYCLER\S-1-5-21-6988457402-7797719832-602322827-7284\syscr.exe,C:\RECYCLER\S-1-5-21-9154914094-5122475735-995135564-6121\syscr.exe,C:\RECYCLER\S-1-5-21-0717880187-0202044066-162310307-6235\syscr.exe,C:\RECYCLER\S-1-5-21-0403080662-2511108117-996297153-4521\syscr.exe,C:\RECYCLER\S-1-5-21-3585675925-4903839802-775788564-3420\syscr.exe,C:\RECYCLER\S-1-5-21-1933587476-2744520974-547673549-3659\syscr.exe,C:\RECYCLER\S-1-5-21-3565752085-4616245876-398790244-1512\syscr.exe,C:\RECYCLER\S-1-5-21-4662908476-7738706081-579006646-4228\syscr.exe,C:\RECYCLER\S-1-5-21-6661796126-3166086023-990312299-0627\syscr.exe,C:\RECYCLER\S-1-5-21-6709613142-4508270459-364721013-6657\syscr.exe,C:\RECYCLER\S-1-5-21-4697940930-2315918881-502556073-1354\syscr.exe,C:\RECYCLER\S-1-5-21-8832026228-2426330687-909160009-4494\syscr.exe,C:\RECYCLER\S-1-5-21-0126128081-9428150989-187784715-5986\syscr.exe,C:\RECYCLER\S-1-5-21-2082250831-2119746310-224243649-8908\syscr.exe,C:\RECYCLER\S-1-5-21-8285387507-9853819939-454597708-0883\syscr.exe,explorer.exe,C:\Documents and Settings\Administrateur\Application Data\ltzqai.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (PUM.Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (PUM.Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1457 (Trojan.Palevo) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\WINDOWS\system32\calc.exe (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\5LA51KMC\tyf[3].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\Z1XRQTGB\tyf[10].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\Z1XRQTGB\tyf[2].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\application data\mdjaw.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1457\Desktop.ini (Trojan.Palevo) -> Quarantined and deleted successfully.