Antivirusxp2008
Closed
malou35 - 23 Jul 2008 at 07:31
g!rly - 24 Aug 2008 at 10:36
4 replies
Lauryjo - 23 Jul 2008 at 07:36
Hi,
I just fixed the same problem by following the advice below (thanks to chiquitine 29 for the info).
Download Malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it; the program will update itself automatically.
Once it is up to date, the program will start; click the Settings tab and tick the box: "Stop Internet Explorer during removal".
Now click the Scan tab and tick the box: "Run a full scan".
Then click "Scan".
Let it scan the PC...
If any items were found > click "Remove selected".
If you are asked to restart > click "Yes".
At the end a report will open; save it so that you can find it again in order to post it on the forum.
Copy and paste the report, please.
PS: the reports are also stored under the Reports/Logs tab.
g!rly - 23 Jul 2008 at 13:27
Hi,
Download HijackThis here:
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installation tutorial: (thanks to Balltrap34 for making this)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Usage tutorial (video): (thanks to Balltrap34 for making this)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Please post the generated report here...
See you
Lauryjo - 23 Jul 2008 at 07:41
By the way, here is the report for anyone who is interested (personally I'm not great with computers and this is beyond my limited skills).
Malwarebytes' Anti-Malware 1.22
Version de la base de données: 981
Windows 5.1.2600 Service Pack 2
07:25:54 23/07/2008
mbam-log-7-23-2008 (07-25-54).txt
Type de recherche: Examen rapide
Eléments examinés: 41826
Temps écoulé: 7 minute(s), 11 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Application Data\rhcnbpj0e72c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcjbpj0e72c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\rhcnbpj0e72c.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\rhcnbpj0e72c.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcnbpj0e72c\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\shanghai.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcjbpj0e72c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcjbpj0e72c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcjbpj0e72c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ma Session\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
malou35 - 23 Jul 2008 at 13:19
Thanks a million, it
Malwarebytes' Anti-Malware 1.22
Version de la base de données: 982
Windows 5.1.2600 Service Pack 2
13:12:34 23/07/2008
mbam-log-7-23-2008 (13-12-34).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 82598
Temps écoulé: 37 minute(s), 57 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 18
Fichier(s) infecté(s): 35
Processus mémoire infecté(s):
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe (Rogue.Multiple) -> Failed to unload process.
C:\WINDOWS\system32\lphc3anj0ee5p.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\suguebkh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cjtrec.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhc7anj0ee5p\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\WINDOWS\system32\blphc3anj0ee5p.scr (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21cf007e-3a90-4a0c-812a-23987d45a339} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21cf007e-3a90-4a0c-812a-23987d45a339} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7anj0ee5p (Rogue.Multiple) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3047ec0f (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7anj0ee5p (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3anj0ee5p (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Application Data\rhc7anj0ee5p\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\cjtrec.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\suguebkh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hkbeugus.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP108\A0035752.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP113\A0036855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP113\A0036849.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP89\A0017765.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weryykvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721184710468.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721185539515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3anj0ee5p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3anj0ee5p.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3anj0ee5p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
seems to be working
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP115\A0037119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP116\A0037301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65881106-7EDD-40CA-957B-4BA8174B32B1}\RP89\A0017765.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weryykvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721184710468.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080721185539515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc7anj0ee5p\rhc7anj0ee5p.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7anj0ee5p\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3anj0ee5p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3anj0ee5p.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3anj0ee5p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\malou\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
It seems to be working
3 August 2008 at 22:43
Thank you for the info, because I was starting not to find this funny, and your info about the malware tool was very useful to me, since it removed everything and for the past 5 minutes my PC has been running again at full speed.
For anyone who has a problem: trust this software.
Great result.
22 August 2008 at 20:11
Version de la base de données: 1077
Windows 5.1.2600 Service Pack 3
19:58:56 22/08/2008
mbam-log-08-22-2008 (19-58-56).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 125817
Temps écoulé: 1 hour(s), 51 minute(s), 3 second(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 37
Processus mémoire infecté(s):
C:\Program Files\rhc1fcj0er2r\rhc1fcj0er2r.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphc5fcj0er2r.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\pphc5fcj0er2r.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\rhc1fcj0er2r\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc5fcj0er2r (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Application Data\rhc1fcj0er2r\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\moi\Local Settings\Temp\.tt70.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\rhc1fcj0er2r.exe (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc1fcj0er2r\rhc1fcj0er2r.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1fcj0er2r\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc5fcj0er2r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5fcj0er2r.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc5fcj0er2r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmllkkjjih_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qegiuzj_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmllkkjjih_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qegiuzj_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
24 August 2008 at 10:36
Yes, it looks like it's OK...
We'll check, because you had other infections as well...
Download HijackThis here:
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installation tutorial: (thanks to Balltrap34 for making it)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Usage tutorial (video): (thanks to Balltrap34 for making it)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Please post the generated report here...
See you