Help: rogue malware on my PC
Hello everyone,
after reading (though too late) the very good security and prevention topic, I'm taking the liberty of asking for help because I've had a rogue on my PC since last night...
As usual, for information, my config:
Abit NF7S motherboard
Athlon XP 2800+ processor
2 x 512 MB G-Skill RAM
ATI RADEON 9200 SE (I'm ashamed... I'll upgrade, I promise).
Leadtek TV tuner card
Note: I formatted my hard drive a month ago or so...
So, to summarize, I was browsing along quietly, hands in my pockets, when all of a sudden, surprise: my desktop background changed, virus messages coming at me from all sides, and so on... Strange...
After some research, I see that it's a rogue, antispywareexpert for information, that infected me. So after some reading I ran Malwarebytes Anti-Malware, and here is the report:
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 930
Windows 5.1.2600
00:25:54 08/07/2008
mbam-log-7-8-2008 (00-25-54).txt
Type de recherche: Examen complet (C:\|D:\|H:\|)
Eléments examinés: 87441
Temps écoulé: 1 hour(s), 10 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 23
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\lhjkxkcl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qoMdAtQj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\fdxbameg.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34174eb6-fc56-44ee-a11f-e862757bc053} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{34174eb6-fc56-44ee-a11f-e862757bc053} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{33da9e3c-935e-4ec2-977d-afe3a3b5e727} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33da9e3c-935e-4ec2-977d-afe3a3b5e727} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbaphh (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ce347d5-97a4-4c62-8281-07b194b783b3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86af81ac-6548-4711-88e1-04c564c50884} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{45cdab3e-cb41-459a-9cde-81647c988c48} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca9afaab-e1d4-4d52-883c-02981238c0da} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca9afaab-e1d4-4d52-883c-02981238c0da} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bbpq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7cb2a069 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{33da9e3c-935e-4ec2-977d-afe3a3b5e727} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdatqj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdatqj -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-0000356-23390) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\qoMdAtQj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jQtAdMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jQtAdMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lhjkxkcl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lckxkjhl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ebaq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Logiciels\Photos - vidéos\ACDSee\ACDSee5\ACDSeev50WinALLKeymak.Onl\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\fdxbameg.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wbxdpgfeqdb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Confident, I reboot the PC...
Good news: I no longer get frantic messages about phantom attacks advising me to go download this or that software.
Bad news: I no longer have a desktop background, and it's impossible to set one again via Display / Properties / Desktop.
I launched a full scan of my system with Antivir (which, by the way, had not detected it); I'll give you the report tomorrow.
Could you help me? Tell me whether I need to run other tools? (smitfraudFIX?)
Thanks in advance.
hi,
>>Bad news: I no longer have a desktop background, and it's impossible to set one again
>>via Display / Properties / Desktop.
Check, by editing the registry with regedit.exe, whether *all* your values are indeed set to zero (dword:00000000).
http://www.kellys-korner-xp.com/regs_edits/wallpaperena...
usual precaution: back up the key, or the branch, or even the hive, before any changes.
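To go with the registry check suggested in the reply above, here is an added example (not part of the original posts and not Malwarebytes code). It parses result lines in the format of the Malwarebytes log from the first post and lists, for each hijacked registry value, the value the log expects after cleanup, plus the items marked "Delete on reboot" that need re-checking after restart. The function names are hypothetical and the sample is an excerpt copied from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt copied from the Malwarebytes log in the first post (not the full log).
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbaphh (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7cb2a069 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdAtQj.dll (Trojan.Vundo) -> Delete on reboot.
"""

# "<path> (<Family.Name>) -> <rest>": the shape of every result line in the log.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[A-Za-z]+\.[A-Za-z]+)\) -> (?P<rest>.+)$")
# Registry data items additionally carry the hijacked and the expected value.
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> ")


@dataclass
class Finding:
    path: str                    # file path or full registry path
    family: str                  # detection name, e.g. Trojan.Vundo
    action: str                  # what the scanner reports having done
    bad: Optional[str] = None    # hijacked data (registry data items only)
    good: Optional[str] = None   # data the scanner restored

    @property
    def pending_reboot(self) -> bool:
        return self.action == "Delete on reboot"


def parse_log(text: str) -> List[Finding]:
    """Return one Finding per result line; headers and counters are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        # The action is always the last "->" segment of the line.
        action = rest.rsplit(" -> ", 1)[-1].rstrip(".")
        bg = BAD_GOOD_RE.match(rest)
        findings.append(Finding(
            path=m.group("path"),
            family=m.group("family"),
            action=action,
            bad=bg.group("bad") if bg else None,
            good=bg.group("good") if bg else None,
        ))
    return findings


def values_to_verify(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    """(key, value name, expected data) for each hijacked registry value."""
    out = []
    for f in findings:
        if f.good is not None and f.path.startswith("HKEY_"):
            key, _, name = f.path.rpartition("\\")
            out.append((key, name, f.good))
    return out


def recheck_after_reboot(findings: List[Finding]) -> List[str]:
    """Paths the scanner could only schedule for deletion at next boot."""
    return [f.path for f in findings if f.pending_reboot]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Registry values to confirm in regedit:")
    for key, name, good in values_to_verify(parsed):
        print(f"  {key}\n      {name} should be {good!r}")
    print("Confirm these are gone after the reboot:")
    for path in recheck_after_reboot(parsed):
        print(f"  {path}")
```

The expected data comes from the log's own `Good:` field, so the checklist follows whatever the scanner restored for each value (in this log, `Start_ShowRun` lists `Good: (1)` while the `Policies` entries list `Good: (0)`).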
Hello,
thanks houba 78.
Yes, all my values are indeed at 0000000.
For information, I tried a scan of my PC with rogueremover but it found nothing.
Could a registry clean fix everything?
For information, I'm pasting my Antivir report, which apparently found other items...
Avira AntiVir Personal
Report file date: mardi 8 juillet 2008 00:30
Scanning for 1382539 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DJE-PC
Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 17:01:56
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 09:33:05
ANTIVIR3.VDF : 7.0.5.59 51712 Bytes 07/07/2008 18:13:59
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 03/07/2008 06:14:17
AESCN.DLL : 8.1.0.22 119157 Bytes 23/06/2008 05:54:21
AERDL.DLL : 8.1.0.20 418165 Bytes 17/06/2008 22:26:33
AEPACK.DLL : 8.1.1.6 364918 Bytes 23/06/2008 05:54:20
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 23/06/2008 05:54:20
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 03/07/2008 06:14:15
AEHELP.DLL : 8.1.0.15 115063 Bytes 17/06/2008 22:26:30
AEGEN.DLL : 8.1.0.29 307573 Bytes 23/06/2008 05:54:18
AEEMU.DLL : 8.1.0.6 430451 Bytes 17/06/2008 22:26:28
AECORE.DLL : 8.1.0.32 168311 Bytes 03/07/2008 06:14:10
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 8 juillet 2008 00:30
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WTS_KEY.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SATARaid.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'WFWIZ.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'Kmaestro.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'sstray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '28' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004181.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a300d1.qua'!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004183.exe
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was moved to '48a300d3.qua'!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004184.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a300da.qua'!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004185.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\fdxbameg.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\fsrpknov.dll
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was deleted!
C:\WINDOWS\system32\lhjkxkcl.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ljJbAPhH.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qoMdAtQj.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
Begin scan in 'D:\'
D:\Logiciels\Photos - vidéos\CyberLink PowerDVD XP 4.0\FO-PDVD4.EXE
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Logiciels\WinACE\WinACE_2bcalvi\W211_FR.EXE
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP49\A0003968.exe
[DETECTION] Contains detection pattern of the dropper DR/Gator.3202.12
[NOTE] The file was deleted!
D:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004182.EXE
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
Begin scan in 'H:\' <Documents>
End of the scan: mardi 8 juillet 2008 08:17
Used time: 7:47:39 min
The scan has been done completely.
3972 Scanning directories
229592 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
8 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
229581 Files not concerned
4055 Archives were scanned
4 Warnings
11 Notes
I no longer get any messages or alerts from antispywareexpert at all; nevertheless I still have my white screen, and a few changes in my Start menu (in my opinion I can expect other things as time goes on).
Hi again,
>>(in my opinion I can expect other things to turn up as time goes on).
I think so too: the strain has not been completely eradicated...
Removed by MBAM...
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Delete on reboot.
It re-created itself in the meantime, since AntiVir had removed it again...
C:\WINDOWS\system32\ljJbAPhH.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
I'll leave you the general link on malware, for next time.
http://www.malekal.com/guide_supression_spywares.php
In your case, IMHO this is the section that should interest you:
Virtumonde / Msevents / Trojan.vundo
PS: 2bcalvi
Dany got caught 4/5 years ago?, and the site had even disappeared from the Web for 3-6 months?. Then someone else took up the torch, passing themselves off as Dany?, but with lower or even dubious quality.
Personally, I'd be wary...
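The cross-check made in the reply above (a file one tool scheduled for deletion showing up again in the next tool's report), as an added example that is not part of the original thread: it parses excerpts in the two report formats quoted here and classifies the paths both scans reported. The sample excerpts, the `C:\EXAMPLE\...` path, the function names and the `rebooted_between_scans` flag are assumptions; a "Delete on reboot" entry counts as a completed removal only if a reboot happened between the two scans.

```python
import re

# Constructed excerpts in the format of the two reports quoted in the thread.
MBAM_LOG = r"""
C:\WINDOWS\system32\lhjkxkcl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Delete on reboot.
C:\EXAMPLE\only-in-first-scan.dll (Trojan.Vundo) -> Delete on reboot.
"""
ANTIVIR_LOG = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ljJbAPhH.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\lhjkxkcl.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
"""
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")

def parse_mbam(text):
    """Map lower-cased file path -> action; registry (HKEY_...) entries are skipped."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            hits[m["path"].lower()] = m["action"]
    return hits

def parse_antivir(text):
    """Map lower-cased file path -> detection text; warning-only paths are skipped."""
    hits, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if PATH_LINE.match(line):
            current = line
        elif line.startswith("[DETECTION]") and current:
            hits[current.lower()] = line[len("[DETECTION]"):].strip()
    return hits

def correlate(first, second, rebooted_between_scans):
    """Classify paths reported by both scans; a scheduled deletion only runs at boot."""
    result = {}
    for path in sorted(first.keys() & second.keys()):
        if not first[path].startswith("Delete on reboot"):
            result[path] = "no deletion recorded in first scan"
        elif rebooted_between_scans:
            result[path] = "re-created"
        else:
            result[path] = "deletion still pending"
    return result
```

Call `correlate(parse_mbam(MBAM_LOG), parse_antivir(ANTIVIR_LOG), rebooted_between_scans=True)` to list the paths that came back after a reboot; those are the ones that point to a loader still active on the machine.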