Virus/spyware infection

Closed
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008 - 5 August 2008 at 08:30
 suprainova - 10 August 2008 at 16:54
Hello,

I tried to download a hacked version of a graphics program and it turns out there was a virus/spyware or something like that in it. My computer is slow, slow, slow, slow; my start bar and my desktop disappear; my wallpaper is blue and stuck on "your computer is infected" (I can no longer change the wallpaper, there are no more tabs in my preferences); I installed an antivirus, and a suspicious antivirus (Antivirus XP 2008) got installed on my computer, and I can't uninstall it.

16 replies

chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 August 2008 at 08:33
Download HijackThis:
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
1. Once it is installed, rename it to HJT.exe
2. Open it and run "do a system scan and save a logfile"
3. Post the report on this forum.
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 08:35
Rename it to HJT???
0
chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 August 2008 at 08:36
Yes, because some hackers manage to get around it.

But after the installation you have to rename hijackthis.exe to HJT.exe
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 08:37
OK, so I just rename the file?
0

chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 August 2008 at 08:39
No, let me start over

1 You install HijackThis
2 After the installation you will see a file called hijackthis.exe; you rename it to HJT.exe
3 You run "do a system scan"
4 You copy/paste the report on this forum
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 08:41
hmm k
0
chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 August 2008 at 08:42
You still haven't understood?
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 08:47
If I understand correctly, I install it, I take the file hijackthis.exe and I name it HJT.exe?
0
chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 August 2008 at 08:47
Yes
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 08:49
OK, thanks a lot :)
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 08:50
Before starting this topic I downloaded AVG Anti-Spyware; do I have to uninstall it before installing HJT?
0
chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 August 2008 at 08:51
No, don't touch anything except HJT
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 09:10
The HJT download doesn't start... I still can't uninstall Antivirus XP2008, which pops up every 2 seconds, and the computer is extremely slow... I'm going to try to update AVG
0
chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 August 2008 at 09:13
No, download MBAM
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

1.1 Install it
1.2 Run a full scan
1.3 At the end, display the results
1.4 Clean everything
1.5 Post the report here.
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 10:18
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1026
Windows 5.1.2600 Service Pack 3

04:11:37 2008-08-05
mbam-log-8-5-2008 (04-11-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 86964
Temps écoulé: 47 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mLeBSJcd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yrnodswv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jljehd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuVmmNeB.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53aca347-ee58-4f05-a4c1-9f86cd1c0334} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{53aca347-ee58-4f05-a4c1-9f86cd1c0334} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa3af88a-063d-4825-bcee-c6d2b177f726} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa3af88a-063d-4825-bcee-c6d2b177f726} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{109be732-8f8c-49d4-a3f4-fedcac7f0a25} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{109be732-8f8c-49d4-a3f4-fedcac7f0a25} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1kej0ecd3 (Rogue.Multiple) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintss32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvmmneb (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc7e56e00 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{109be732-8f8c-49d4-a3f4-fedcac7f0a25} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc5kej0ecd3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlebsjcd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlebsjcd -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\rhc1kej0ecd3\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mLeBSJcd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dcJSBeLm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dcJSBeLm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jljehd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yrnodswv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuVmmNeB.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B0HDFE35\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B0HDFE35\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B0HDFE35\lrxherblpj[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CRWLFHZI\yflhrol[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CRWLFHZI\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GIH3JA5K\mpvspl[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GIH3JA5K\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LQKGQZKN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EEABD26-FC4D-48E4-B86B-B23469D204D3}\RP51\A0018013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EEABD26-FC4D-48E4-B86B-B23469D204D3}\RP51\A0018019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EEABD26-FC4D-48E4-B86B-B23469D204D3}\RP51\A0018020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu2000352.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buhsbqok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yppfeuqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\14dba3e.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\rhc1kej0ecd3.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\rhc1kej0ecd3.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1kej0ecd3\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintss32.dll (Dialer) -> Delete on reboot.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Disk (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:exe.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXroLDs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7e56e00.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7e56e00.txt (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blphc5kej0ecd3.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc5kej0ecd3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5kej0ecd3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 19:35
Well... I ran 2 scans and found malicious software both times... and now I can't see my desktop at all when I start my computer, and a process named Isass.exe has appeared in my task manager (the only thing I can see); otherwise, no start bar, no icons, etc. This happened after I restarted my computer to delete the "on reboot" files. Right now I'm on a laptop to write this to you; a hand would be welcome :s.
0
Xam Danlref Posts 11 Registration date Tuesday 5 August 2008 Status Member Last activity 5 August 2008
5 August 2008 at 20:55
Also, MBAM no longer works at all and this message appears when I start it: "Run time error 372".
Failed to load control "Vbalgrid" from vbalsgrid.ocx. Your version of Vbalsgrid.ocx might be outdated. Make sure you are using the version of the application that was provided with your application.

S.O.S., I really don't know what to do anymore
0
Same for me, that's what is happening to me, I don't know what to do
0