Virus trojan.win32.mordenc.gen

kevinperera13 Messages postés 8 Date d'inscription   Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,j'aurais besoin d'aide pour la suppréssion de se virus trojan.win32.mordenc.gen qui a infecté pas mal de fichier je pense
il supprimé pas mal d'icone de mon bureau et je n'est le menu démarré ni accés au poste de travaille
merci d'avance
Configuration: Windows XP
Firefox 2.0.0.14

13 réponses

  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    Télécharge hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

    voici un tuto pour bien l installer : https://forums.cnetfrance.fr

    -une fois installé, le renommer HJT.exe pour contrer une éventuelle infection vundo
    -Double-clic dessus
    - Clic sur "Do a system scan and save the log"
    - copier le rapport, le coller dans la réponse
    0
  2. kevinperera13 Messages postés 8 Date d'inscription   Statut Membre
     
    voila se que tu ma demandé:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:34:40, on 16/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HJT.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    je ne vois pas d infections mais tu as peut etre une infection vundo :

    Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

    = double-clic sur mbam-setup pour lancer l'installation
    = Installer simplement sans rien modifier
    = Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
    = Clic Rechercher
    = Eventuellement décocher les disque à ne pas analyser
    = Clic Lancer l'examen
    = En fin de scan , si infection trouvée
    ==> Clic Afficher résultat
    = Fermer vos applications en cours
    = Vérifier si tout est coché et clic Supprimer la sélection

    un rapport s'ouvre le copier et le coller dans la réponse

    Puis redémarrer le pc !!

    ensuite :

    Télécharge sur le bureau virtumundobegone :
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    déconnecte internet et désactive ton antivirus le temps de la manipulation

    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau
    0
  4. kevinperera13 Messages postés 8 Date d'inscription   Statut Membre
     
    re se que tu m'a demandé:

    Malwarebytes' Anti-Malware 1.20
    Version de la base de données: 957
    Windows 5.1.2600 Service Pack 2

    13:44:36 16/07/2008
    mbam-log-7-16-2008 (13-44-36).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 143334
    Temps écoulé: 28 minute(s), 24 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 75
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 110
    Fichier(s) infecté(s): 126

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{6549e485-c533-4e58-ba92-9fbcd2f6e839} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{85648929-03b0-4c51-8a26-37328566258f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a8160b32-92a5-48cb-839d-d4c5d05054e4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9e530d98-03b6-4d5b-9f09-7252b4b87de2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4731b31-431b-4a5d-a3de-328f2b132667} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pvnsmfor.blqd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.bwob (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76413-641-4866533-23535) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\rhcrruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\shcpruj0egbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Bureau\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt25.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt2B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt31.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\A76-tmpaASI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0011984.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012039.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012060.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP12\A0012091.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP14\A0013610.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013641.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013683.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013722.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP15\A0013767.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP16\A0013808.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP16\A0013838.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0013899.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0014895.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0014925.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0015926.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016922.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016945.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0016980.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017008.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017028.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017040.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017067.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017090.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017111.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017139.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP17\A0017163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017192.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017256.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP19\A0017345.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017405.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017415.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP20\A0017431.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP21\A0017458.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0018460.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019491.exe (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP23\A0019492.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0001009.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0002004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0003004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0004004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0005006.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0006004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP4\A0007004.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP5\A0008005.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP6\A0008075.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP7\A0008177.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP7\A0008197.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP8\A0008636.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP8\A0009626.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009674.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009698.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009722.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0009743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010743.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010769.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A99608D-584A-4378-BED2-2B940962686A}\RP9\A0010797.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\eesl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\epfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\1BC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\8D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\B1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\F7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pphcvruj0egbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\WinIFixer\MFC71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Program Files\WinIFixer\msvcp71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Program Files\WinIFixer\msvcr71.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Program Files\WinIFixer\WinIFixerSkin.dll (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht.tmp (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht.tmp (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\ProfileReg.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\qndsfmao.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\kvxqmtre.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\oadkxrts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ctfmonb.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcvruj0egbn.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcvruj0egbn.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renuka\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kevin\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kevinperera13 Messages postés 8 Date d'inscription   Statut Membre
     
    et enfin celui la:

    [07/16/2008, 13:48:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
    [07/16/2008, 13:48:58] - Detected System Information:
    [07/16/2008, 13:48:58] - Windows Version: 5.1.2600, Service Pack 2
    [07/16/2008, 13:48:58] - Current Username: Administrateur (Admin)
    [07/16/2008, 13:48:58] - Windows is in SAFE mode.
    [07/16/2008, 13:48:58] - Searching for Browser Helper Objects:
    [07/16/2008, 13:48:58] - Finished Searching Browser Helper Objects
    [07/16/2008, 13:48:58] - Finishing up...
    [07/16/2008, 13:48:58] - Nothing found! Exiting...

    [07/16/2008, 13:49:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
    [07/16/2008, 13:49:26] - Detected System Information:
    [07/16/2008, 13:49:26] - Windows Version: 5.1.2600, Service Pack 2
    [07/16/2008, 13:49:26] - Current Username: Administrateur (Admin)
    [07/16/2008, 13:49:26] - Windows is in SAFE mode.
    [07/16/2008, 13:49:26] - Searching for Browser Helper Objects:
    [07/16/2008, 13:49:26] - Finished Searching Browser Helper Objects
    [07/16/2008, 13:49:26] - Finishing up...
    [07/16/2008, 13:49:26] - Nothing found! Exiting...
    0
  7. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok on continue :

    Télécharger l'utilitaire FixVundo (Symantec) : https://www.broadcom.com/support/security-center

    Lancer "FixVundo" en double-cliquant sur son icône.

    Démarrer l'analyse en Cliquant sur "Start".
    A la fin, un rapport d'analyse "FixVundo.log" est disponible dans le dossier de lancement de l'utilitaire.

    copier/coller le rapport dans le nouveau message sur le forum

    ensuite :

    Option 1 - Recherche :

    télécharge smitfraudfix et enregistre le sur le bureau : http://telechargement.zebulon.fr/smitfraudfix.html

    Ensuite double clique sur smitfraudfix puis exécuter

    Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

    copier/coller le rapport dans la réponse.
    0
  8. kevinperera13 Messages postés 8 Date d'inscription   Statut Membre
     
    le premier me donne sa:
    Symantec Trojan.Vundo Removal Tool 1.5.0

    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\01\10-{294CA865-99EF-24A1-A031-B53A9A99DEBD}-v1-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v10-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\11\11-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v11-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v11-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\12\25-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v12-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v25-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\13\26-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v13-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v26-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\14\27-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v14-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v27-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\16\28-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v16-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v28-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\17\29-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v17-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v29-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\18\30-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v18-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v30-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\19\31-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v19-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v31-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\20\32-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v20-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v32-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\21\33-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v21-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v33-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\22\34-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v22-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v34-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\23\35-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v23-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v35-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\kevinperera13@yahoo.fr\SharingMetadata\firkodaddy@msn.com\DFSR\Staging\CS{294CA865-99EF-24A1-A031-B53A9A99DEBD}\24\36-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v24-{E904CBE4-F01C-4790-91D9-DF71341EE84C}-v36-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Messenger\s_pere@yahoo.fr\SharingMetadata\kinsale@hotmail.fr\DFSR\Staging\CS{FA2C225C-B940-07F0-07CA-49C93EF5914C}\01\21-{FA2C225C-B940-07F0-07CA-49C93EF5914C}-v1-{561EA668-C09F-44AF-B11B-7EA5CCFA4C92}-v21-Downloaded.frx (WARNING: not scanned, path to long)
    C:\System Volume Information: (not scanned)
    Trojan.Vundo has not been found on your computer.

    le second:

    SmitFraudFix v2.329

    Rapport fait à 14:58:05,90, 16/07/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    le rapport smitfraudfix n est pas complet :s

    refais une recherche stp et poste bien tout le rapport
    0
  10. kevinperera13 Messages postés 8 Date d'inscription   Statut Membre
     
    la c'est mieux nn?

    SmitFraudFix v2.329

    Rapport fait à 15:08:26,39, 16/07/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  11. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    oui il est complet celui là...fais ceci :

    Option 2 - Nettoyage :

    Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).

    Double cliquer sur smitfraudfix

    Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    Redémarrer en mode normal et poster le rapport.

    ensuite :

    télécharge rogueremover à cette adresse : http://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe

    C est un programme en anglais, Si aucune mise à jour n'est disponible le message There are no program updates available apparaît.

    Si d'éventuelles mises à jour pour la base de données est disponible, le message There is a newer version of the databases available, please select Download apparaît.
    Cliquez sur le bouton OK.

    Cliquez sur le bouton Download de la nouvelle fenêtre.

    La mise à jour se télécharge et s'installe, une fois terminée, la popup Database update complete apparaît.
    Cliquez sur le bouton OK.
    Le menu Scan lance un scanne de l'ordinateur

    Programs Targeted ouvre la liste des programmes visés par RogueRemover
    Exclude List permet d'exclure des programmes à supprimer par RogueRemover
    Check for updates à droite permet de mettre à jour le logiciel.

    Le scan donne sous forme de liste les éléments néfastes détectés.

    Ces derniers sont automatiquement coché.

    Il suffit de cliquer sur le bouton Remove Selected pour procéder à la suppression.

    Une popup vous demande si vous désirez envoyer le résultat d'analyse à RogueNET. Aucune information personnelle n'est envoyée.
    Cliquez sur Yes pour accepter, No pour refuser.

    Une fois la suppression effectuée, une fenêtre vous indique qu'un rapport a été généré.
    Ce dernier est placé dans le dossier RogueRemover, par défaut C:\Program Files\RogueRemover
    Une fois le nettoyage terminé, un rapport va s'ouvrir sur le Bloc-Note.

    Copier/coller le rapport dans la réponse
    0
  12. kevinperera13 Messages postés 8 Date d'inscription   Statut Membre
     
    voila:

    SmitFraudFix v2.329

    Rapport fait à 15:29:08,03, 16/07/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{49B90545-194B-4652-AF85-0184C0378928}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    ensuite:
    mais pour celui -la il ne détecte rien
    0
  13. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...

    télécharge a-squared free 3.5 à cette adresse : https://www.emsisoft.com/fr/

    fais la mise à jour et analyses.

    Vas aussi faire des analyses en ligne à cette adresse :

    http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php

    Les deux premiers savent désinfecter.
    0
    1. kevinperera13
       
      le virus n'est toujourd pas partie
      il me laisse peu d'action
      il m'a retirer le poste de travaille et l'acces au disque dur.
      je devrait suppirmer cette séssion??
      0
  14. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Non ne supprime pas la session...est ce que tu asz fais toutes les analyses que je t ai demandé au message 12 ??

    refais un nouveau rapport hijackthis stp
    0