banddilondon - 16 August 2008 at 17:00
Hello, this is a quick scan which I believe managed to rid me of "antivirus xp 2008", but I would like some opinions.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1056
Windows 5.1.2600 Service Pack 3
Type de recherche: Examen rapide
Eléments examinés: 55805
Temps écoulé: 31 minute(s), 55 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 15
Processus mémoire infecté(s):
C:\Program Files\rhcl49j0e36t\rhcl49j0e36t.exe (Rogue.Multiple) -> Failed to unload process.
C:\WINDOWS\system32\pphcg49j0e36t.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\rhcl49j0e36t\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl49j0e36t\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl49j0e36t\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\system32\blphcg49j0e36t.scr (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcl49j0e36t (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcl49j0e36t (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcl49j0e36t (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcg49j0e36t (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\rhcl49j0e36t (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\rhcl49j0e36t\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\rhcl49j0e36t\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl49j0e36t\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl49j0e36t\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl49j0e36t\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl49j0e36t\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl49j0e36t\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl49j0e36t\rhcl49j0e36t.exe (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl49j0e36t\rhcl49j0e36t.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl49j0e36t\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\julie\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcg49j0e36t.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcg49j0e36t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcg49j0e36t.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcg49j0e36t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
And here is a HijackThis log taken afterwards:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:29, on 2008-08-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
banddilondon - 16 August 2008 at 18:40
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1056
Windows 5.1.2600 Service Pack 3
12:20:39 2008-08-16
mbam-log-8-16-2008 (12-20-39).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 87281
Temps écoulé: 55 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
I think everything is fine for now.