Oxygène PC

Tips, Security & Computer Help

First MBAM report to analyze, with malware and other problems


Post by tom93 » Wed 30 Dec 2009 17:24

Hello, and thank you for helping me.
To sum up what happened to me: I was on the internet and downloaded a fake video codec (at least I think it was a fake codec), and as soon as I opened it I had a bad feeling and immediately panicked. Fortunately I discovered your site and the MBAM software; I immediately downloaded the software and ran a quick scan, and it turned up hundreds of problems, including one malware and several trojans. I did everything you said in the tutorial and restarted the computer. Now I am sending you the report, and I beg you to help me and tell me whether it is OK. And before sending you the log, I thank you for creating this site and for helping me, because without you I would have been in trouble.

Here is the log:
Code:
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3454
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

30/12/2009 17:04:24
mbam-log-2009-12-30 (17-04-24).txt

Type de recherche: Examen rapide
Eléments examinés: 101471
Temps écoulé: 6 minute(s), 22 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 13
Clé(s) du Registre infectée(s): 71
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 37
Fichier(s) infecté(s): 100

Processus mémoire infecté(s):
C:\ProgramData\QuestService\questservice131.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\QuestService\questservice.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\Internet Today\1.1.0.1230\InternetToday.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\Internet Today\1.1.0.1230\InternetToday.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\romain\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\QuestService\questservice.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Content Management Wizard\1.1.0.1880\CMWIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1880\WSO.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Textual Content Provider\1.1.0.1710\TCPIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Internet Today\1.1.0.1230\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1880\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACECommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\put2vidqlg (Trojan.Dropper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\romain\AppData\Local\Temp\cmw\newSetup (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1880 (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1880\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider (Adware.Agent) -> Delete on reboot.
C:\Program Files\Textual Content Provider\1.1.0.1710 (Adware.Agent) -> Delete on reboot.
C:\Program Files\Textual Content Provider\1.1.0.1710\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240 (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1800 (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard (Adware.Agent) -> Delete on reboot.
C:\Program Files\Content Management Wizard\1.1.0.1880 (Adware.Agent) -> Delete on reboot.
C:\ProgramData\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService (Adware.DoubleD) -> Delete on reboot.
C:\Users\romain\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider\1.1.0.1710 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider\1.1.0.1710\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Web Search Operator\4.1.0.1880 (Adware.DoubleD) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\QuestService\questservice.dll (Adware.Agent) -> Delete on reboot.
C:\ProgramData\QuestService\questservice131.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\questservice.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\InternetToday.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\CMWIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1880\WSO.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Textual Content Provider\1.1.0.1710\TCPIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Users\romain\AppData\Local\Temp\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\romain\AppData\Local\Temp\~nsu.tmp\Au_.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\romain\AppData\Local\Temp\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\romain\AppData\Local\Temp\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\AppData\Local\Temp\Gameztar Toolbar\2.1.2.6090\bin\mvbup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1230\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1880\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1880\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\tcppx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\data\TP_DomainInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1710\data\TP_KeywordInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACECommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPApx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1880\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\uninstall.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider\1.1.0.1710\Data\TP_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider\1.1.0.1710\Data\TP_Data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider\1.1.0.1710\Data\TP_DomainExcludeList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider\1.1.0.1710\Data\TP_DomainInterval.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Textual Content Provider\1.1.0.1710\Data\TP_KeywordInterval.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Web Search Operator\4.1.0.1880\404data.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Web Search Operator\4.1.0.1880\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\romain\Local Settings\Application Data\Web Search Operator\4.1.0.1880\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\questservice129.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\questservice131.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\romain\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\romain\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Delete on reboot.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.


Thanks again, and tell me whether it is OK or not and what I should do.
tom93

Posts: 1
Joined: Wed 30 Dec 2009 17:12

Re: First MBAM report to analyze, with malware and other problems

Post by Falkra » Wed 30 Dec 2009 17:29

Hello, welcome to the forum. :)

It was a fake codec, indeed; that's typical.
In fact, you don't need codecs to play this or that; you just need a player that ships with decoding libraries. The codec is really only used for encoding, and encoders also ship with what they need to do it, so nowadays we don't really need codecs any more.
A player such as VLC or Gom Player, for example, is suitable and sufficient. For exotic formats, you can install the FFdshow filters, which let you play everything in any program (the program will use FFdshow's filters).

Here is some documentation, if the subject interests you:
FFdshow: eliminate codecs and play everything.


As for your problem, things should already be better now... given the impressive number of critters cleared out by MBAM.

To take stock, please post a HijackThis report in your next reply.

Click this link to download HijackThis 2.0.2:
http://www.trendsecure.com/portal/en-US ... ckThis.exe
This version has no installer or Zip to extract; choose to save it to the desktop.

Launch HijackThis by right-clicking and choosing Run as administrator (because you are on Vista).

HijackThis starts; the first button is the one we are interested in, "Do a system scan and save a logfile" (the "log" file is the report).
Click it.

Copy and paste the contents of the report, which will be displayed in Notepad, into your next reply.
www.libellules.ch
Falkra
Théoricien Tartineur

Posts: 411
Joined: Sun 2 Mar 2008 20:30

