Pb rdémarrage PC suite à désinfection
Résolu
fre63
Messages postés
2
Statut
Membre
-
fre63 Messages postés 2 Statut Membre -
fre63 Messages postés 2 Statut Membre -
Bonjour,
Mon PC a été infecté par plusieurs virus.
J'ai appliqué Ccleaner.
J'ai ensuite démarrer en mode sans echec pour appliquer malwarebytes (malwarebytes-anti-malware_malwarebytes_anti-malware_1.27_francais_215092). J'ai supprimé les 37 fichiers infectés.
Quand je veux redémarrer en mode windows normal, c'est impossible. Une fenetre m'a demandé si je voulais restaurer le systeme à partir d'un point de restauration. Je n'ai pas pu. Je reste bloqué en mode sans echec.
Que puis-je faire ?
Voici le rapport :
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
16/12/2008 20:09:47
mbam-log-2008-12-16 (20-09-47).txt
Scan type: Full Scan (C:\|)
Objects scanned: 129860
Time elapsed: 2 hour(s), 30 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 32
Registry Values Infected: 11
Registry Data Items Infected: 2
Folders Infected: 20
Files Infected: 42
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\yayabxxU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sicbql.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfGaBQk.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4750ded1-55db-4789-91c3-18113b9f2be0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4750ded1-55db-4789-91c3-18113b9f2be0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6026287f-9b31-4c70-bccd-7296dc62aa15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6026287f-9b31-4c70-bccd-7296dc62aa15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfgabqk (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8c61e4e2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Local Security Authority Service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\application layer gateway service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayabxxu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayabxxu -> Delete on reboot.
Folders Infected:
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\yayabxxU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\Uxxbayay.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\Uxxbayay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sicbql.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfGaBQk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\avnhuehg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gheuhnva.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsrc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\winantiviruspro2007freeinstall_fr[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Local Settings\Temp\MBDownloader_876923.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{94363E08-4D27-4CD7-80E8-17B8B142CED4}\RP281\A0071966.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{94363E08-4D27-4CD7-80E8-17B8B142CED4}\RP281\A0072000.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctogkuyv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmMCRH.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Insider\Insider.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson\carlton (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\history.db (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gslgzpnl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mldmm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\sys54.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
Mon PC a été infecté par plusieurs virus.
J'ai appliqué Ccleaner.
J'ai ensuite démarrer en mode sans echec pour appliquer malwarebytes (malwarebytes-anti-malware_malwarebytes_anti-malware_1.27_francais_215092). J'ai supprimé les 37 fichiers infectés.
Quand je veux redémarrer en mode windows normal, c'est impossible. Une fenetre m'a demandé si je voulais restaurer le systeme à partir d'un point de restauration. Je n'ai pas pu. Je reste bloqué en mode sans echec.
Que puis-je faire ?
Voici le rapport :
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
16/12/2008 20:09:47
mbam-log-2008-12-16 (20-09-47).txt
Scan type: Full Scan (C:\|)
Objects scanned: 129860
Time elapsed: 2 hour(s), 30 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 32
Registry Values Infected: 11
Registry Data Items Infected: 2
Folders Infected: 20
Files Infected: 42
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\yayabxxU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sicbql.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfGaBQk.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4750ded1-55db-4789-91c3-18113b9f2be0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4750ded1-55db-4789-91c3-18113b9f2be0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6026287f-9b31-4c70-bccd-7296dc62aa15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6026287f-9b31-4c70-bccd-7296dc62aa15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfgabqk (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8c61e4e2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Local Security Authority Service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\application layer gateway service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayabxxu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayabxxu -> Delete on reboot.
Folders Infected:
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\yayabxxU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\Uxxbayay.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\Uxxbayay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sicbql.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfGaBQk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\avnhuehg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gheuhnva.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsrc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\winantiviruspro2007freeinstall_fr[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Local Settings\Temp\MBDownloader_876923.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{94363E08-4D27-4CD7-80E8-17B8B142CED4}\RP281\A0071966.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{94363E08-4D27-4CD7-80E8-17B8B142CED4}\RP281\A0072000.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctogkuyv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmMCRH.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Insider\Insider.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson\carlton (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\history.db (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frédéric\Application Data\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gslgzpnl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mldmm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\sys54.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
A voir également:
- Pb rdémarrage PC suite à désinfection
- Remettre a zero un pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Double ecran pc - Guide
- Forcer demarrage pc - Guide
