Virus system fix - Help meRésolu/Fermé

Question

Bonjour, 

J'ai utilisé RogueKiller, le virus System fix est partit, mes icones de raccourcis sont revenues, par contre j'ai perdu tout mes documents, et mes favoris. Comment faire ? 

Merci d'avance 

Configuration: Windows Vista / Firefox 8.0.1

Tigzy · Answer

Salut

Poste les rapports RogueKiller

------

Si ce n'est déjà fait, passe le mode 6

niouk · Answer

¤¤¤ Processus malicieux: 1 ¤¤¤
[LOCKED] mfpmp.exe -- LOCKED -> KILLED [TermProc]

¤¤¤ Entrees de registre: 2 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {9BB4E102-8AE3-1F39-EA47-DF7892A1C656} (C:\Users\Elodie\AppData\Roaming\Yqapofo\ebondy.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495769101-3359516702-2696377011-1000[...]\Run : {9BB4E102-8AE3-1F39-EA47-DF7892A1C656} (C:\Users\Elodie\AppData\Roaming\Yqapofo\ebondy.exe) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

Termine : << RKreport[1].txt >>
RKreport[1].txt

niouk · Answer

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Elodie [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 24/11/2011 15:39:49

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

Attributs de fichiers restaures:
Bureau: Success 0 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 0 / Fail 0
Menu demarrer: Success 0 / Fail 0
Dossier utilisateur: Success 3 / Fail 0
Mes documents: Success 0 / Fail 0
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 1 / Fail 0
Sauvegarde: [FOUND] Success 0 / Fail 28

Lecteurs:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Termine : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

niouk · Answer

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Elodie [Droits d'admin]
Mode: Recherche -- Date : 24/11/2011 15:36:09

¤¤¤ Processus malicieux: 1 ¤¤¤
[LOCKED] mfpmp.exe -- LOCKED -> KILLED [TermProc]

¤¤¤ Entrees de registre: 2 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {9BB4E102-8AE3-1F39-EA47-DF7892A1C656} (C:\Users\Elodie\AppData\Roaming\Yqapofo\ebondy.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495769101-3359516702-2696377011-1000[...]\Run : {9BB4E102-8AE3-1F39-EA47-DF7892A1C656} (C:\Users\Elodie\AppData\Roaming\Yqapofo\ebondy.exe) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

Termine : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Elodie [Droits d'admin]
Mode: Suppression -- Date : 24/11/2011 15:37:20

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 1 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {9BB4E102-8AE3-1F39-EA47-DF7892A1C656} (C:\Users\Elodie\AppData\Roaming\Yqapofo\ebondy.exe) -> DELETED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].t

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Elodie [Droits d'admin]
Mode: HOSTS RAZ -- Date : 24/11/2011 15:38:40

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Elodie [Droits d'admin]
Mode: HOSTS RAZ -- Date : 24/11/2011 15:38:51

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Elodie [Droits d'admin]
Mode: Proxy RAZ -- Date : 24/11/2011 15:39:00

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

Termine : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Elodie [Droits d'admin]
Mode: DNS RAZ -- Date : 24/11/2011 15:39:10

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

Termine : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

Tigzy · Answer

Tu as toujours des soucis?

Télécharger  sur le bureau  Malwarebyte's Anti-Malware

= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Ne pas décocher "Faire la mise à jour"
= si la mise à jour a échoué, la faire après execution du logiciel => onglet "Mise à jour"
= Quand le programme lancé ==> cocher Exécuter un examen complet 
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen 
= En fin de scan ( 1h environ), si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection

un rapport s'ouvre le copier et le coller dans la réponse

niouk · Answer

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8232

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

24/11/2011 20:36:30
mbam-log-2011-11-24 (20-36-30).txt

Type d'examen: Examen complet (C:\|E:\|)
Elément(s) analysé(s): 309642
Temps écoulé: 1 heure(s), 33 minute(s), 43 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 19

Processus mémoire infecté(s):
c:\Windows	emp\fehebx\setup.exe (Trojan.Agent) -> 472 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrightBreezeSA (Adware.HotBar.BB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\brightbreezesa (Adware.HotBar.BB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\BrightBreeze (Adware.HotBar.BB) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9BB4E102-8AE3-1F39-EA47-DF7892A1C656} (Trojan.Downloader) -> Value: {9BB4E102-8AE3-1F39-EA47-DF7892A1C656} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BrightBreezeSA (Adware.HotBar.BB) -> Value: BrightBreezeSA -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin\2.0.12.0 (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\programdata\brightbreezesa (Adware.HotBar.BB) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Windows	emp\fehebx\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Elodie\AppData\Roaming\Yqapofo\ebondy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-1495769101-3359516702-2696377011-1000\$R6II006\ebondy.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-1495769101-3359516702-2696377011-1000\$R6II006\gwdakvoved.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-1495769101-3359516702-2696377011-1000\$R6II006\setup.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-1495769101-3359516702-2696377011-1000\$R6II006\uuccifdedgf7gt.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin\2.0.12.0\brightbreezesacb.exe (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin\2.0.12.0\brightbreezeuninstaller.exe (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\programdata\uuccifdedgf7gt.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\programdata\gwdakvoved.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Elodie\AppData\Local\gun.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Elodie\AppData\Local\qyi.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\Elodie\AppData\Local	emp\gkxwuk3hvtfvj5.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Elodie\Desktopk_quarantine\ebondy.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin\2.0.12.0\copyright.txt (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\programdata\brightbreezesa\brightbreezesa.dat (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\programdata\brightbreezesa\brightbreezesaau.dat (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\programdata\brightbreezesa\brightbreezesa_kyf.dat (Adware.HotBar.BB) -> Quarantined and deleted successfully.

Tigzy · Answer

2 possibilités, soit en cliquant sur des pubs infectées, soit parce que tes logiciels tierces ne sont pas à jour (Java / Flash / PDF ...)

* Télécharge DELFix de Xplode
* Lance le.
* A l'invite, tape 2 (suppression)
* Un rapport va s'ouvrir à la fin, colle le dans la réponse

----------

Tu peux lire ce sujet sur les logiciels recommandés, et les attitudes responsables sur le web  
Et celui ci, sur les logiciels gratuits à éviter  

------

Tu peux garder Malwarebytes pour un scan de temps à autres


-----

Pense à marquer le fil comme résolu

niouk · Answer

Ouep, merci.

Virus system fix - Help me

8 réponses

Discussions similaires

Newsletters