2447 virus, antivirus xp 2008. Qui dit mieux!
Résolu/Fermé
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
-
27 juil. 2008 à 21:07
cloooooooooooo - 3 août 2008 à 18:11
cloooooooooooo - 3 août 2008 à 18:11
A voir également:
- 2447 virus, antivirus xp 2008. Qui dit mieux!
- Telecharger windows xp - Télécharger - Systèmes d'exploitation
- Comodo antivirus - Télécharger - Sécurité
- Cle windows xp - Guide
- Panda antivirus - Télécharger - Antivirus & Antimalwares
- Avast antivirus gratuit - Télécharger - Antivirus & Antimalwares
19 réponses
Utilisateur anonyme
27 juil. 2008 à 23:27
27 juil. 2008 à 23:27
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
27 juil. 2008 à 21:10
27 juil. 2008 à 21:10
fais le scan en mode sans echec
Utilisateur anonyme
27 juil. 2008 à 21:10
27 juil. 2008 à 21:10
Salut
No action taken.
t as rien supprimé avec malewarebyte
No action taken.
t as rien supprimé avec malewarebyte
nico-81
Messages postés
1612
Date d'inscription
vendredi 18 avril 2008
Statut
Membre
Dernière intervention
27 février 2014
98
27 juil. 2008 à 21:11
27 juil. 2008 à 21:11
alors refait ce scan en mode sanc echec (F8 au démarrage)
et supprime TOUT à la fin du scan.
et supprime TOUT à la fin du scan.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
27 juil. 2008 à 21:11
27 juil. 2008 à 21:11
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 21:16
27 juil. 2008 à 21:16
Pour faire le démarrage sans échec je dois éteindre l'ordi, donc je pars pour quelques minutes, a tout de suite. Merci pour vos réponses aussi rapide!
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 21:36
27 juil. 2008 à 21:36
Merci, pour votre support!
Viens de faire démarrage en mode sans échec! Il ne m'a pas demandé de m'identifier! Mais je suis sur un écran avec mode sans échec sur les 4 coins de l'écran.
Les icônes et les boutons sont plus gros! Que faire maintenant?
Chiquitine: buena musica!
Viens de faire démarrage en mode sans échec! Il ne m'a pas demandé de m'identifier! Mais je suis sur un écran avec mode sans échec sur les 4 coins de l'écran.
Les icônes et les boutons sont plus gros! Que faire maintenant?
Chiquitine: buena musica!
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
27 juil. 2008 à 21:37
27 juil. 2008 à 21:37
ouvre malwarebytes puis scan complet
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 21:57
27 juil. 2008 à 21:57
Je viens de lancer un malwarebytes! C'est parti pour une bonne 1/2 heure! Je vous tiens au courant et posterai le rapport!
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 22:44
27 juil. 2008 à 22:44
Petite coupure pub!
Pendant que malwarebytes fait sont travail un écran bleu apparait, avec message pas sympa! Qui étaint l'ordi! Est-ce normal?
Pendant que malwarebytes fait sont travail un écran bleu apparait, avec message pas sympa! Qui étaint l'ordi! Est-ce normal?
nico-81
Messages postés
1612
Date d'inscription
vendredi 18 avril 2008
Statut
Membre
Dernière intervention
27 février 2014
98
27 juil. 2008 à 23:26
27 juil. 2008 à 23:26
Il léteint comment ca ? dès que tu as ce message fAit démarrer executer et tape "shutdown -a" sans les guillemet puis valide avec entrée
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 23:32
27 juil. 2008 à 23:32
J'ai fait deux scan:
1/
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
22:52:42 27/07/2008
mbam-log-7-27-2008 (22-52-42).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 80906
Temps écoulé: 1 hour(s), 10 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\INRK1NF5\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
2/
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
23:20:06 27/07/2008
mbam-log-7-27-2008 (23-20-06).txt
Type de recherche: Examen rapide
Eléments examinés: 58056
Temps écoulé: 14 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3f8j0eaaa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winivstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buritos.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3f8j0eaaa.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3f8j0eaaa.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
Je me suis branché sur un autre ordi, a fin de ne pas perdre le contact avec les vivant ;-)
1/
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
22:52:42 27/07/2008
mbam-log-7-27-2008 (22-52-42).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 80906
Temps écoulé: 1 hour(s), 10 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\INRK1NF5\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
2/
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
23:20:06 27/07/2008
mbam-log-7-27-2008 (23-20-06).txt
Type de recherche: Examen rapide
Eléments examinés: 58056
Temps écoulé: 14 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3f8j0eaaa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winivstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buritos.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3f8j0eaaa.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3f8j0eaaa.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
Je me suis branché sur un autre ordi, a fin de ne pas perdre le contact avec les vivant ;-)
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 23:36
27 juil. 2008 à 23:36
1/Premier scan
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
22:52:42 27/07/2008
mbam-log-7-27-2008 (22-52-42).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 80906
Temps écoulé: 1 hour(s), 10 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\INRK1NF5\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
2/ Second scan
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
23:20:06 27/07/2008
mbam-log-7-27-2008 (23-20-06).txt
Type de recherche: Examen rapide
Eléments examinés: 58056
Temps écoulé: 14 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3f8j0eaaa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winivstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buritos.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3f8j0eaaa.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3f8j0eaaa.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
Voilà!
Je n'ai pas encore eu le temps de faire ce que Chiquitine, me suggère est ce toujours nécessaire?
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
22:52:42 27/07/2008
mbam-log-7-27-2008 (22-52-42).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 80906
Temps écoulé: 1 hour(s), 10 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\INRK1NF5\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
2/ Second scan
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 2
23:20:06 27/07/2008
mbam-log-7-27-2008 (23-20-06).txt
Type de recherche: Examen rapide
Eléments examinés: 58056
Temps écoulé: 14 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3f8j0eaaa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\rhc7f8j0eaaa\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winivstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buritos.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3f8j0eaaa.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3f8j0eaaa.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfredo Rodriguez\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
Voilà!
Je n'ai pas encore eu le temps de faire ce que Chiquitine, me suggère est ce toujours nécessaire?
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 23:38
27 juil. 2008 à 23:38
Ordinateur infecté n'a plus de connexion à internet et est toujours sur mode sans échec. Comment je reviens à l'interface normal?
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
27 juil. 2008 à 23:47
27 juil. 2008 à 23:47
Chiquitine, comme je disais plus de connexion internet sur cet ordi! Il est en mode sans échec! Comment sortir de là!
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
28 juil. 2008 à 00:06
28 juil. 2008 à 00:06
J'ai redémarré mon pc en démarrage normal! J'ai récupérer le fond blanc (j'ai remis une belle photo) plus de gros texte!
Plus de signal de l'antivirus xp 2008! J'ai supprimer là où il apparaisait!
Je fais tout de même le ComboFix. Je vous suis là oùu il faudra pour sauver mon Vaio!
Merci vous êtes des champions! Je ne jererai plus que par vous, si tout ce rétabli, je le jure!
Plus de signal de l'antivirus xp 2008! J'ai supprimer là où il apparaisait!
Je fais tout de même le ComboFix. Je vous suis là oùu il faudra pour sauver mon Vaio!
Merci vous êtes des champions! Je ne jererai plus que par vous, si tout ce rétabli, je le jure!
loose stick
Messages postés
49
Date d'inscription
samedi 26 juillet 2008
Statut
Membre
Dernière intervention
22 août 2008
28 juil. 2008 à 02:14
28 juil. 2008 à 02:14
Bravo Chiquitine! Et merci pour ton aide.
Tu as également de bon gout musicaux ;-) Gracias
Tu as également de bon gout musicaux ;-) Gracias
3 août 2008 à 18:11
RECORD BATTU.
EN PLEIN MALWARE.... DITES MOI QUE CA MARCHE! C EST PAS MON PC!!!!!