Virus trojan.win32.mordenc.gen
Fermé
kevinperera13
Messages postés
8
Date d'inscription
mercredi 16 juillet 2008
Statut
Membre
Dernière intervention
14 août 2008
-
16 juil. 2008 à 13:22
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 - 17 juil. 2008 à 01:20
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 - 17 juil. 2008 à 01:20
A voir également:
- Virus trojan.win32.mordenc.gen
- Tinyurl virus - Forum Virus / Sécurité
- Svchost.exe virus - Guide
- Tlauncher virus ✓ - Forum Jeux vidéo
- Softonic virus - Forum Virus / Sécurité
- 6 proccesus svchost.exe Virus? ✓ - Forum Virus / Sécurité
13 réponses
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
16 juil. 2008 à 13:27
16 juil. 2008 à 13:27
Salut !!
Télécharge hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
voici un tuto pour bien l installer : https://forums.cnetfrance.fr
-une fois installé, le renommer HJT.exe pour contrer une éventuelle infection vundo
-Double-clic dessus
- Clic sur "Do a system scan and save the log"
- copier le rapport, le coller dans la réponse
Télécharge hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
voici un tuto pour bien l installer : https://forums.cnetfrance.fr
-une fois installé, le renommer HJT.exe pour contrer une éventuelle infection vundo
-Double-clic dessus
- Clic sur "Do a system scan and save the log"
- copier le rapport, le coller dans la réponse
kevinperera13
Messages postés
8
Date d'inscription
mercredi 16 juillet 2008
Statut
Membre
Dernière intervention
14 août 2008
16 juil. 2008 à 13:35
16 juil. 2008 à 13:35
voila se que tu ma demandé:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:40, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:40, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
16 juil. 2008 à 13:42
16 juil. 2008 à 13:42
je ne vois pas d infections mais tu as peut etre une infection vundo :
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
déconnecte internet et désactive ton antivirus le temps de la manipulation
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
déconnecte internet et désactive ton antivirus le temps de la manipulation
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
kevinperera13
Messages postés
8
Date d'inscription
mercredi 16 juillet 2008
Statut
Membre
Dernière intervention
14 août 2008
16 juil. 2008 à 13:45
16 juil. 2008 à 13:45
re se que tu m'a demandé:
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 957
Windows 5.1.2600 Service Pack 2
13:44:36 16/07/2008
mbam-log-7-16-2008 (13-44-36).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 143334
Temps écoulé: 28 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 75
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 110
Fichier(s) infecté(s): 126
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6549e485-c533-4e58-ba92-9fbcd2f6e839} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{85648929-03b0-4c51-8a26-37328566258f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8160b32-92a5-48cb-839d-d4c5d05054e4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e530d98-03b6-4d5b-9f09-7252b4b87de2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4731b31-431b-4a5d-a3de-328f2b132667} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.blqd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bwob (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76413-641-4866533-23535) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Bureau\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt25.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt2B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt31.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\A76-tmpaASI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0011984.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012039.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012060.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012091.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP14\A0013610.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013641.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013683.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013722.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013767.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP16\A0013808.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP16\A0013838.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0013899.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0014895.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0014925.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0015926.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016922.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016945.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016980.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017008.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017028.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017040.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017067.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017090.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017111.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017139.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017192.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017256.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017345.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017405.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017415.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017431.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP21\A0017458.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0018460.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019491.exe (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019492.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0001009.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0002004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0003004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0004004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0005006.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0006004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0007004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP5\A0008005.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP6\A0008075.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP7\A0008177.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP7\A0008197.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP8\A0008636.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP8\A0009626.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009674.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009698.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009722.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010769.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010797.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\eesl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\epfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1BC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcvruj0egbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\MFC71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\msvcp71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\msvcr71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\WinIFixerSkin.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht.tmp (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht.tmp (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\ProfileReg.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\qndsfmao.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\kvxqmtre.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\oadkxrts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcvruj0egbn.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcvruj0egbn.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 957
Windows 5.1.2600 Service Pack 2
13:44:36 16/07/2008
mbam-log-7-16-2008 (13-44-36).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 143334
Temps écoulé: 28 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 75
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 110
Fichier(s) infecté(s): 126
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6549e485-c533-4e58-ba92-9fbcd2f6e839} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{85648929-03b0-4c51-8a26-37328566258f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8160b32-92a5-48cb-839d-d4c5d05054e4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e530d98-03b6-4d5b-9f09-7252b4b87de2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4731b31-431b-4a5d-a3de-328f2b132667} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.blqd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bwob (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76413-641-4866533-23535) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Bureau\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt25.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt2B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt31.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\A76-tmpaASI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0011984.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012039.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012060.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012091.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP14\A0013610.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013641.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013683.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013722.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013767.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP16\A0013808.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP16\A0013838.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0013899.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0014895.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0014925.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0015926.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016922.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016945.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016980.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017008.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017028.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017040.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017067.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017090.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017111.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017139.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017192.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017256.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017345.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017405.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017415.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017431.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP21\A0017458.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0018460.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019491.exe (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019492.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0001009.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0002004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0003004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0004004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0005006.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0006004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0007004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP5\A0008005.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP6\A0008075.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP7\A0008177.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP7\A0008197.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP8\A0008636.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP8\A0009626.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009674.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009698.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009722.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010769.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010797.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\eesl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\epfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1BC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcvruj0egbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\MFC71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\msvcp71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\msvcr71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\WinIFixer\WinIFixerSkin.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht.tmp (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht.tmp (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\ProfileReg.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\qndsfmao.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\kvxqmtre.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\oadkxrts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcvruj0egbn.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcvruj0egbn.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Renuka\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
kevinperera13
Messages postés
8
Date d'inscription
mercredi 16 juillet 2008
Statut
Membre
Dernière intervention
14 août 2008
16 juil. 2008 à 13:50
16 juil. 2008 à 13:50
et enfin celui la:
[07/16/2008, 13:48:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/16/2008, 13:48:58] - Detected System Information:
[07/16/2008, 13:48:58] - Windows Version: 5.1.2600, Service Pack 2
[07/16/2008, 13:48:58] - Current Username: Administrateur (Admin)
[07/16/2008, 13:48:58] - Windows is in SAFE mode.
[07/16/2008, 13:48:58] - Searching for Browser Helper Objects:
[07/16/2008, 13:48:58] - Finished Searching Browser Helper Objects
[07/16/2008, 13:48:58] - Finishing up...
[07/16/2008, 13:48:58] - Nothing found! Exiting...
[07/16/2008, 13:49:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/16/2008, 13:49:26] - Detected System Information:
[07/16/2008, 13:49:26] - Windows Version: 5.1.2600, Service Pack 2
[07/16/2008, 13:49:26] - Current Username: Administrateur (Admin)
[07/16/2008, 13:49:26] - Windows is in SAFE mode.
[07/16/2008, 13:49:26] - Searching for Browser Helper Objects:
[07/16/2008, 13:49:26] - Finished Searching Browser Helper Objects
[07/16/2008, 13:49:26] - Finishing up...
[07/16/2008, 13:49:26] - Nothing found! Exiting...
[07/16/2008, 13:48:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/16/2008, 13:48:58] - Detected System Information:
[07/16/2008, 13:48:58] - Windows Version: 5.1.2600, Service Pack 2
[07/16/2008, 13:48:58] - Current Username: Administrateur (Admin)
[07/16/2008, 13:48:58] - Windows is in SAFE mode.
[07/16/2008, 13:48:58] - Searching for Browser Helper Objects:
[07/16/2008, 13:48:58] - Finished Searching Browser Helper Objects
[07/16/2008, 13:48:58] - Finishing up...
[07/16/2008, 13:48:58] - Nothing found! Exiting...
[07/16/2008, 13:49:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/16/2008, 13:49:26] - Detected System Information:
[07/16/2008, 13:49:26] - Windows Version: 5.1.2600, Service Pack 2
[07/16/2008, 13:49:26] - Current Username: Administrateur (Admin)
[07/16/2008, 13:49:26] - Windows is in SAFE mode.
[07/16/2008, 13:49:26] - Searching for Browser Helper Objects:
[07/16/2008, 13:49:26] - Finished Searching Browser Helper Objects
[07/16/2008, 13:49:26] - Finishing up...
[07/16/2008, 13:49:26] - Nothing found! Exiting...
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
16 juil. 2008 à 14:06
16 juil. 2008 à 14:06
ok on continue :
Télécharger l'utilitaire FixVundo (Symantec) : https://www.broadcom.com/support/security-center
Lancer "FixVundo" en double-cliquant sur son icône.
Démarrer l'analyse en Cliquant sur "Start".
A la fin, un rapport d'analyse "FixVundo.log" est disponible dans le dossier de lancement de l'utilitaire.
copier/coller le rapport dans le nouveau message sur le forum
ensuite :
Option 1 - Recherche :
télécharge smitfraudfix et enregistre le sur le bureau : http://telechargement.zebulon.fr/smitfraudfix.html
Ensuite double clique sur smitfraudfix puis exécuter
Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
copier/coller le rapport dans la réponse.
Télécharger l'utilitaire FixVundo (Symantec) : https://www.broadcom.com/support/security-center
Lancer "FixVundo" en double-cliquant sur son icône.
Démarrer l'analyse en Cliquant sur "Start".
A la fin, un rapport d'analyse "FixVundo.log" est disponible dans le dossier de lancement de l'utilitaire.
copier/coller le rapport dans le nouveau message sur le forum
ensuite :
Option 1 - Recherche :
télécharge smitfraudfix et enregistre le sur le bureau : http://telechargement.zebulon.fr/smitfraudfix.html
Ensuite double clique sur smitfraudfix puis exécuter
Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
copier/coller le rapport dans la réponse.
kevinperera13
Messages postés
8
Date d'inscription
mercredi 16 juillet 2008
Statut
Membre
Dernière intervention
14 août 2008
16 juil. 2008 à 14:59
16 juil. 2008 à 14:59
le premier me donne sa:
Symantec Trojan.Vundo Removal Tool 1.5.0
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\01\10-{294CA865-99EF-24A1-A031-B53A9A99DEBD}-v1-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\11\11-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v11-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\12\25-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v12-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\13\26-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v13-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\14\27-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v14-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\16\28-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v16-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v28-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\17\29-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v17-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\18\30-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v18-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v30-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\19\31-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v19-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v31-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\20\32-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v20-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v32-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\21\33-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v21-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v33-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\22\34-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v22-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v34-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\23\35-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v23-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v35-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\24\36-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v24-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v36-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\s_pere@yahoo.fr\SharingMetadata\kinsale@hotmail.fr\DFSR\Staging\CS{FA2C225C-B940-07F0-07CA-49C93EF5914C}\01\21-{FA2C225C-B940-07F0-07CA-49C93EF5914C}-v1-{561EA668-C09F-44AF-B11B-7EA5CCFA4C92}-v21-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.
le second:
SmitFraudFix v2.329
Rapport fait à 14:58:05,90, 16/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Symantec Trojan.Vundo Removal Tool 1.5.0
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\01\10-{294CA865-99EF-24A1-A031-B53A9A99DEBD}-v1-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\11\11-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v11-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\12\25-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v12-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\13\26-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v13-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\14\27-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v14-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\16\28-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v16-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v28-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\17\29-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v17-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\18\30-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v18-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v30-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\19\31-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v19-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v31-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\20\32-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v20-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v32-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\21\33-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v21-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v33-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\22\34-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v22-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v34-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\23\35-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v23-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v35-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\24\36-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v24-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v36-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\s_pere@yahoo.fr\SharingMetadata\kinsale@hotmail.fr\DFSR\Staging\CS{FA2C225C-B940-07F0-07CA-49C93EF5914C}\01\21-{FA2C225C-B940-07F0-07CA-49C93EF5914C}-v1-{561EA668-C09F-44AF-B11B-7EA5CCFA4C92}-v21-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.
le second:
SmitFraudFix v2.329
Rapport fait à 14:58:05,90, 16/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
16 juil. 2008 à 15:04
16 juil. 2008 à 15:04
le rapport smitfraudfix n est pas complet :s
refais une recherche stp et poste bien tout le rapport
refais une recherche stp et poste bien tout le rapport
kevinperera13
Messages postés
8
Date d'inscription
mercredi 16 juillet 2008
Statut
Membre
Dernière intervention
14 août 2008
16 juil. 2008 à 15:09
16 juil. 2008 à 15:09
la c'est mieux nn?
SmitFraudFix v2.329
Rapport fait à 15:08:26,39, 16/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.329
Rapport fait à 15:08:26,39, 16/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
16 juil. 2008 à 15:17
16 juil. 2008 à 15:17
oui il est complet celui là...fais ceci :
Option 2 - Nettoyage :
Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).
Double cliquer sur smitfraudfix
Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Redémarrer en mode normal et poster le rapport.
ensuite :
télécharge rogueremover à cette adresse : http://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe
C est un programme en anglais, Si aucune mise à jour n'est disponible le message There are no program updates available apparaît.
Si d'éventuelles mises à jour pour la base de données est disponible, le message There is a newer version of the databases available, please select Download apparaît.
Cliquez sur le bouton OK.
Cliquez sur le bouton Download de la nouvelle fenêtre.
La mise à jour se télécharge et s'installe, une fois terminée, la popup Database update complete apparaît.
Cliquez sur le bouton OK.
Le menu Scan lance un scanne de l'ordinateur
Programs Targeted ouvre la liste des programmes visés par RogueRemover
Exclude List permet d'exclure des programmes à supprimer par RogueRemover
Check for updates à droite permet de mettre à jour le logiciel.
Le scan donne sous forme de liste les éléments néfastes détectés.
Ces derniers sont automatiquement coché.
Il suffit de cliquer sur le bouton Remove Selected pour procéder à la suppression.
Une popup vous demande si vous désirez envoyer le résultat d'analyse à RogueNET. Aucune information personnelle n'est envoyée.
Cliquez sur Yes pour accepter, No pour refuser.
Une fois la suppression effectuée, une fenêtre vous indique qu'un rapport a été généré.
Ce dernier est placé dans le dossier RogueRemover, par défaut C:\Program Files\RogueRemover
Une fois le nettoyage terminé, un rapport va s'ouvrir sur le Bloc-Note.
Copier/coller le rapport dans la réponse
Option 2 - Nettoyage :
Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).
Double cliquer sur smitfraudfix
Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Redémarrer en mode normal et poster le rapport.
ensuite :
télécharge rogueremover à cette adresse : http://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe
C est un programme en anglais, Si aucune mise à jour n'est disponible le message There are no program updates available apparaît.
Si d'éventuelles mises à jour pour la base de données est disponible, le message There is a newer version of the databases available, please select Download apparaît.
Cliquez sur le bouton OK.
Cliquez sur le bouton Download de la nouvelle fenêtre.
La mise à jour se télécharge et s'installe, une fois terminée, la popup Database update complete apparaît.
Cliquez sur le bouton OK.
Le menu Scan lance un scanne de l'ordinateur
Programs Targeted ouvre la liste des programmes visés par RogueRemover
Exclude List permet d'exclure des programmes à supprimer par RogueRemover
Check for updates à droite permet de mettre à jour le logiciel.
Le scan donne sous forme de liste les éléments néfastes détectés.
Ces derniers sont automatiquement coché.
Il suffit de cliquer sur le bouton Remove Selected pour procéder à la suppression.
Une popup vous demande si vous désirez envoyer le résultat d'analyse à RogueNET. Aucune information personnelle n'est envoyée.
Cliquez sur Yes pour accepter, No pour refuser.
Une fois la suppression effectuée, une fenêtre vous indique qu'un rapport a été généré.
Ce dernier est placé dans le dossier RogueRemover, par défaut C:\Program Files\RogueRemover
Une fois le nettoyage terminé, un rapport va s'ouvrir sur le Bloc-Note.
Copier/coller le rapport dans la réponse
kevinperera13
Messages postés
8
Date d'inscription
mercredi 16 juillet 2008
Statut
Membre
Dernière intervention
14 août 2008
16 juil. 2008 à 15:33
16 juil. 2008 à 15:33
voila:
SmitFraudFix v2.329
Rapport fait à 15:29:08,03, 16/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
ensuite:
mais pour celui -la il ne détecte rien
SmitFraudFix v2.329
Rapport fait à 15:29:08,03, 16/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
ensuite:
mais pour celui -la il ne détecte rien
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
16 juil. 2008 à 15:36
16 juil. 2008 à 15:36
ok...
télécharge a-squared free 3.5 à cette adresse : https://www.emsisoft.com/fr/
fais la mise à jour et analyses.
Vas aussi faire des analyses en ligne à cette adresse :
http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
Les deux premiers savent désinfecter.
télécharge a-squared free 3.5 à cette adresse : https://www.emsisoft.com/fr/
fais la mise à jour et analyses.
Vas aussi faire des analyses en ligne à cette adresse :
http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
Les deux premiers savent désinfecter.
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
17 juil. 2008 à 01:20
17 juil. 2008 à 01:20
Non ne supprime pas la session...est ce que tu asz fais toutes les analyses que je t ai demandé au message 12 ??
refais un nouveau rapport hijackthis stp
refais un nouveau rapport hijackthis stp