Antivirusxp2008
malou35
Messages postés
2
Date d'inscription
Statut
Membre
Dernière intervention
-
g!rly Messages postés 18215 Date d'inscription Statut Contributeur Dernière intervention -
g!rly Messages postés 18215 Date d'inscription Statut Contributeur Dernière intervention -
Bonjour,je suis ds la panade j'aie choper antivirusxp 2008 meme avec avast familliale on m'avait die que c'etaie une passoir mais bon j'aie essaye de m'ensortire tout seul mais je suis pas un pro loin de la si qq1 pouvaie me donner un coup de mains merci a tous
4 réponses
Salut
je viens juste de régler le même problème en suivant les conseils ci-dessous. ( merci à chiquitine 29 pour l'info )
Telecharge malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
ps : les rapport sont aussi rangé dans l onglet rapport/log
je viens juste de régler le même problème en suivant les conseils ci-dessous. ( merci à chiquitine 29 pour l'info )
Telecharge malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
ps : les rapport sont aussi rangé dans l onglet rapport/log
Salut,
Télécharge HijackThis ici :
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
@+
Télécharge HijackThis ici :
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
@+
D'ailleurs voici le rapport pour ceux que ça interesse ( moi perso je suis pas top en informatique et là ça dépasse mes faibles compétences )
Malwarebytes' Anti-Malware 1.22
Version de la base de données: 981
Windows 5.1.2600 Service Pack 2
07:25:54 23/07/2008
mbam-log-7-23-2008 (07-25-54).txt
Type de recherche: Examen rapide
Eléments examinés: 41826
Temps écoulé: 7 minute(s), 11 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcjbpj0e72c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\rhcnbpj0e72c.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\rhcnbpj0e72c.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\shanghai.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcjbpj0e72c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcjbpj0e72c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcjbpj0e72c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.22
Version de la base de données: 981
Windows 5.1.2600 Service Pack 2
07:25:54 23/07/2008
mbam-log-7-23-2008 (07-25-54).txt
Type de recherche: Examen rapide
Eléments examinés: 41826
Temps écoulé: 7 minute(s), 11 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcjbpj0e72c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\rhcnbpj0e72c.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\rhcnbpj0e72c.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\shanghai.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcjbpj0e72c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcjbpj0e72c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcjbpj0e72c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
merci mille fois caMalwarebytes' Anti-Malware 1.22
Version de la base de données: 982
Windows 5.1.2600 Service Pack 2
13:12:34 23/07/2008
mbam-log-7-23-2008 (13-12-34).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 82598
Temps écoulé: 37 minute(s), 57 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 18
Fichier(s) infecté(s): 35
Processus mémoire infecté(s):
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe (Rogue.Multiple) -> Failed to unload process.
C:\WINDOWS\system32\lphc3anj0ee5p.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\suguebkh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cjtrec.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\WINDOWS\system32\blphc3anj0ee5p.scr (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21cf007e-3a90-4a0c-812a-23987d45a339} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21cf007e-3a90-4a0c-812a-23987d45a339} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7anj0ee5p (Rogue.Multiple) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3047ec0f (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7anj0ee5p (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3anj0ee5p (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\cjtrec.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\suguebkh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hkbeugus.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP108\A0035752.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP113\A0036855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP113\A0036849.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP89\A0017765.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weryykvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721184710468.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721185539515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3anj0ee5p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3anj0ee5p.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3anj0ee5p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
a l'aire de fonctionner
Version de la base de données: 982
Windows 5.1.2600 Service Pack 2
13:12:34 23/07/2008
mbam-log-7-23-2008 (13-12-34).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 82598
Temps écoulé: 37 minute(s), 57 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 18
Fichier(s) infecté(s): 35
Processus mémoire infecté(s):
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe (Rogue.Multiple) -> Failed to unload process.
C:\WINDOWS\system32\lphc3anj0ee5p.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\suguebkh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cjtrec.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\WINDOWS\system32\blphc3anj0ee5p.scr (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21cf007e-3a90-4a0c-812a-23987d45a339} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21cf007e-3a90-4a0c-812a-23987d45a339} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7anj0ee5p (Rogue.Multiple) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3047ec0f (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7anj0ee5p (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3anj0ee5p (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\cjtrec.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\suguebkh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hkbeugus.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP108\A0035752.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP113\A0036855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP113\A0036849.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP89\A0017765.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weryykvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721184710468.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721185539515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3anj0ee5p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3anj0ee5p.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3anj0ee5p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
a l'aire de fonctionner
Je te remercie de l'info car je ne commençais pas a rigolé et ton info pour les malware ma été très utile ,car il a tout Virer et depuis 5 min mon p.c est repartie comme en 14.
Pour ceux qui ont un soucis faite confiances a ces logiciels.
Résultat super.
Version de la base de données: 1077
Windows 5.1.2600 Service Pack 3
19:58:56 22/08/2008
mbam-log-08-22-2008 (19-58-56).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 125817
Temps écoulé: 1 hour(s), 51 minute(s), 3 second(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 37
Processus mémoire infecté(s):
C:\Program Files\rhc1fcj0er2r\rhc1fcj0er2r.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphc5fcj0er2r.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\pphc5fcj0er2r.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\rhc1fcj0er2r\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc5fcj0er2r (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\moi\Local Settings\Temp\.tt70.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\rhc1fcj0er2r.exe (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\rhc1fcj0er2r.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc5fcj0er2r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5fcj0er2r.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc5fcj0er2r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmllkkjjih_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qegiuzj_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmllkkjjih_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qegiuzj_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Oui on dirait que c´est ok...
On va vérifier car tu avais d´autres infections ègalement...
Télécharge HijackThis ici :
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
@+