Antivirus security alert
since33
Hello everyone, I'm new here, and I'm posting about a spyware problem (I think?).
So, I'm on Windows Vista, and since yesterday ANTIVIRUS SECURITY ALERT has installed itself on my PC.
Thinking I wasn't the only one, I searched the net for a solution. Having tried everything I knew how to do, I still haven't managed to get rid of the problem.
I tried Malwarebytes of course, but it doesn't change anything.
Here are my Malwarebytes reports:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 5214
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18999
25/12/2010 12:21:52
mbam-log-2010-12-25 (12-21-52).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 189188
Temps écoulé: 19 minute(s), 8 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 39
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 46
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\I.P services (Adware.InstallPedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IP Network (Adware.InstallPedia) -> Value: IP Network -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cnamxsrewo.exe (Trojan.FakeAlert) -> Value: cnamxsrewo.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cnamxsrewo.exe (Trojan.FakeAlert) -> Value: cnamxsrewo.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Value: hf8wefhuaihf8ewfydiujhfdsfdf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\COM+ Manager (Trojan.Downloader) -> Value: COM+ Manager -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.VirTool) -> Value: hsf87efjhdsf87f3jfsdi7fhsujfd -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis (Trojan.FakeAlert) -> Value: Metropolis -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlppf (Password.Stealer) -> Value: Lvbhiejlppf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlppf (Password.Stealer) -> Value: Lvbhiejlppf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlq+ (Trojan.Agent) -> Value: Lvbhiejlq+ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlq+ (Trojan.Agent) -> Value: Lvbhiejlq+ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mquse (Trojan.Agent) -> Value: Mquse -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mquse (Trojan.Agent) -> Value: Mquse -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSUpdate (Trojan.Agent) -> Value: MSUpdate -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6B92E364-23AB-7A2E-F545-FC8C5304BB6E} (Trojan.ZbotR.Gen) -> Value: {6B92E364-23AB-7A2E-F545-FC8C5304BB6E} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NaLYJsiv (Trojan.Downloader.Gen) -> Value: uPc+kt0NaLYJsiv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NaLYJsiv (Trojan.Downloader.Gen) -> Value: uPc+kt0NaLYJsiv -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NkVJsiv (Trojan.Downloader.Gen) -> Value: uPc+kt0NkVJsiv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NkVJsiv (Trojan.Downloader.Gen) -> Value: uPc+kt0NkVJsiv -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvbhiejltOY (Trojan.Downloader.Gen) -> Value: LvbhiejltOY -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvbhiejltOY (Trojan.Downloader.Gen) -> Value: LvbhiejltOY -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvbhiejlZx_ (Trojan.Downloader.Gen) -> Value: LvbhiejlZx_ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvbhiejlZx_ (Trojan.Downloader.Gen) -> Value: LvbhiejlZx_ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NtWqIVLZEWZU (Trojan.FakeAlert) -> Value: NtWqIVLZEWZU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlmc (Trojan.Downloader.Gen) -> Value: Lvbhiejlmc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlmc (Trojan.Downloader.Gen) -> Value: Lvbhiejlmc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsZ (Trojan.Downloader) -> Value: MqsZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsZ (Trojan.Downloader) -> Value: MqsZ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlqc (Trojan.Downloader.Gen) -> Value: Lvbhiejlqc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlqc (Trojan.Downloader.Gen) -> Value: Lvbhiejlqc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlprc (Trojan.Downloader.Gen) -> Value: Lvbhiejlprc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlprc (Trojan.Downloader.Gen) -> Value: Lvbhiejlprc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlud (Trojan.Downloader.Gen) -> Value: Lvbhiejlud -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlud (Trojan.Downloader.Gen) -> Value: Lvbhiejlud -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlqb (Trojan.Downloader.Gen) -> Value: Lvbhiejlqb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvbhiejlqb (Trojan.Downloader.Gen) -> Value: Lvbhiejlqb -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
c:\program files\installpedia (Adware.InstallPedia) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\program files\installpedia\lnetworker.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\cnamxsrewo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\fxl2vtl6fy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Alex\.commgr\complmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\drweb.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
c:\program files\installpedia\service.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\tmp8583a58a\setup1003.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Alex\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\installpedia\networker.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
c:\program files\installpedia\pref_updater.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
c:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\win16.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\bnbvkw_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\cynrh_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\dqfcqeap_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\eqgcy_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\zfqtgkwj_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\bkwjmg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\bmymqk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\bnbvkw_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\cynrh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\dqfcqeap_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\eqgcy_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\jesvkh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\zfqtgkwj_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\MSup1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Roaming\Amzad\nihep.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\vh100gfle.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\aofab.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\rny18apbk.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\w0bspxl83.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\Yqu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\mdm.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\win.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\install.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\system.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\winamp.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\program files\installpedia\ionic.zip.reduced.dll (Adware.InstallPedia) -> Quarantined and deleted successfully.
c:\program files\installpedia\Utils.dll (Adware.InstallPedia) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4698
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18943
26/09/2010 15:46:57
mbam-log-2010-09-26 (15-46-57).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 326930
Temps écoulé: 1 heure(s), 18 minute(s), 25 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 62
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\usaflkxe (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\712089 (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6b92e364-23ab-7a2e-f545-fc8c5304bb6e} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msupdate (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Users\Alex\AppData\Local\usaflkxe.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\fxl2vtl6fy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\.COMMgr\complmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\drweb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\712089.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ewmsroxacn.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\F2EF.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\foqr4nt0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\khvcol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\mdm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\rxmoacesnw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\taskmgr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\winamp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ycap6can3.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\~TM14F2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\VirtualStore\Windows\System32\syce.xto (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Alex\Downloads\install_FullPackCodecs_FR.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\41884873.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\56f26500.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\73c592c7.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\82cd4b1b.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\a0cd2d50.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\a3daa89f.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\cd0f75d1.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\e932a527.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\efa84a5d.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\czwliw_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\dgpfh_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\ebbiheul_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\oqrtuv_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\czwliw_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\dgpfh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\ebbiheul_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\oqrtuv_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\usaflkxe_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\Amzad\nihep.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\MSup1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Even after deleting the files, the virus is still there.
So if anyone could help me get out of this mess...
Thank you in advance, and merry Christmas to you all! :)
c:\Users\Alex\local settings\application data\bmymqk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\bnbvkw_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\cynrh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\dqfcqeap_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\eqgcy_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\jesvkh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\application data\zfqtgkwj_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\MSup1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Roaming\Amzad\nihep.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\vh100gfle.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\aofab.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\rny18apbk.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\w0bspxl83.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\Yqu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\mdm.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\win.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\install.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\system.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\winamp.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\program files\installpedia\ionic.zip.reduced.dll (Adware.InstallPedia) -> Quarantined and deleted successfully.
c:\program files\installpedia\Utils.dll (Adware.InstallPedia) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4698
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18943
26/09/2010 15:46:57
mbam-log-2010-09-26 (15-46-57).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 326930
Temps écoulé: 1 heure(s), 18 minute(s), 25 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 62
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\usaflkxe (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\712089 (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6b92e364-23ab-7a2e-f545-fc8c5304bb6e} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msupdate (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Users\Alex\AppData\Local\usaflkxe.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\fxl2vtl6fy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\.COMMgr\complmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\drweb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\712089.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ewmsroxacn.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\F2EF.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\foqr4nt0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\khvcol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\mdm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\rxmoacesnw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\taskmgr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\winamp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ycap6can3.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\~TM14F2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\VirtualStore\Windows\System32\syce.xto (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Alex\Downloads\install_FullPackCodecs_FR.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\41884873.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\56f26500.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\73c592c7.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\82cd4b1b.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\a0cd2d50.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\a3daa89f.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\cd0f75d1.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\e932a527.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\efa84a5d.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os628.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osAAEE.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osE6F7.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\czwliw_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\dgpfh_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\ebbiheul_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\oqrtuv_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\czwliw_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\dgpfh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\ebbiheul_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\oqrtuv_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\Local Settings\Application Data\usaflkxe_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Alex\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\Amzad\nihep.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\MSup1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Even after deleting the files, the virus is still present.
So if someone could help me get out of this mess ..
Thank you in advance, and I wish you all a merry Christmas! :)
13 replies
You need to get rid of the proxy; that junk is probably what is blocking the connection
Open Internet Explorer
Click Tools
Select Internet Options
Open the Connections tab
Click the LAN settings button
Uncheck "Use a proxy server for your LAN"
Click OK
Hello
Malwarebytes is not up to date
* Download RogueKiller (by tigzy) to the desktop
* Close all your running programs
* On Vista/Seven, right-click -> Run as administrator
* Launch RogueKiller.exe.
* When prompted, type 1 and confirm
* If the program asks about removing the proxy, type 1 if you are sure you did not set it yourself, otherwise type 2
* A report (RKreport.txt) should have been created next to the executable; paste its contents in your reply
* If the program was blocked, do not hesitate to try several times.
NOTE: type 2 for removal mode
NOTE: If a proxy is found, type 1 to remove it
Thanks for your reply :)
Here is the report:
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows Vista (6.0.6001 Service Pack 1) version 32 bits
Mode: Scan -- Time : 25/12/2010 17:19:37
Bad processes:
Found:
HKCU\...\RUN\ cacaoweb : "C:\Users\Alex\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKCU\...\RUN\ eqgcy : "c:\users\alex\appdata\local\eqgcy.exe" eqgcy
HKCU\...\RUN\ JP595IR86O : C:\Users\Alex\AppData\Local\Temp\Yql.exe
HKCU\...\RUN\ aofjoggd : C:\Users\Alex\AppData\Local\Temp\esmrpoxca\onybmcjlajb.exe
HKCU\...\RUN\ vdgbxssj : C:\Users\Alex\AppData\Local\Temp\cgiqpgltn\ovmuufllajb.exe
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:8074
Finished
Right-click RogueKiller and choose Run as administrator
Type 2 for removal mode, and post the report
I don't know if this is what you are asking for?:
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows Vista (6.0.6001 Service Pack 1) version 32 bits
Mode: Remove -- Time : 25/12/2010 17:53:07
Bad processes:
Deregistred:
Finished
That's it, I ran it. I am no longer in safe mode because the spyware seems to have disappeared (no more alerts). But the computer is very slow. Is that normal?
Let's take a look
* Download ZHPDiag (by Nicolas Coolman)
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
* Follow the prompts during installation; it will launch automatically at the end.
* Click the magnifying-glass icon (« Lancer le diagnostic », "Run the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
Host the report HERE
At the end of the installation:
" Impossible d'exécuter le fichier
Create process a échoué ; code 740
L'opération demandé nécessite une élévation "
So it is impossible to install ZHPDiag ...
Hello. Right-click the ZHPDiag icon on the desktop
Click Properties, then the Compatibility tab
At the bottom, check Run this program as an administrator
Click Apply, then OK
Then right-click the ZHPDiag icon and click Run as administrator
O.o°*??? Formerly Nathandre, with 12938 posts since 27.10.2008 °.Oø¤º°'°º¤ø
FYI, RogueKiller removes the proxy when the procedure is done correctly
In mode 2, the tool asks whether you want to remove the proxy. If so, you then have to type 1.
PS: The RogueKiller report is not complete; it only contains the last scan that was run.
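An added example, not part of the thread and not RogueKiller's or Malwarebytes' own code: a small triage script over the RogueKiller scan report posted above, cross-checked against two detections from the Malwarebytes log. The function names and the three heuristics (autostart from a Temp directory, file-name prefix shared with an earlier detection, proxy set to loopback) are assumptions chosen for illustration.

```python
import ipaddress
import ntpath
import re

# Lines copied from the RogueKiller scan report posted in the thread.
ROGUEKILLER = r'''
HKCU\...\RUN\ cacaoweb : "C:\Users\Alex\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKCU\...\RUN\ eqgcy : "c:\users\alex\appdata\local\eqgcy.exe" eqgcy
HKCU\...\RUN\ JP595IR86O : C:\Users\Alex\AppData\Local\Temp\Yql.exe
HKCU\...\RUN\ aofjoggd : C:\Users\Alex\AppData\Local\Temp\esmrpoxca\onybmcjlajb.exe
HKCU\...\RUN\ vdgbxssj : C:\Users\Alex\AppData\Local\Temp\cgiqpgltn\ovmuufllajb.exe
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:8074
'''
# Two detections copied from the Malwarebytes log earlier in the thread.
MBAM = r'''
c:\Users\Alex\local settings\application data\eqgcy_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\Yqu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
'''

RK_ENTRY = re.compile(r'^(HK\w+\\.*?\\)\s([^:]+?)\s:\s(.+)$')
MBAM_ENTRY = re.compile(r'^(.+?) \(([\w.]+)\) -> ')

def executable(command):
    """Program path of a Run value, whether or not it is quoted."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(?i).+?\.exe\b', command)
    return m.group(0) if m else command

def loopback_proxy(value):
    """True if any 'scheme=host:port' (or bare 'host:port') part is local."""
    for part in value.split(';'):
        host = part.split('=', 1)[-1].rsplit(':', 1)[0].strip(' []')
        try:
            if host.lower() == 'localhost' or ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            pass  # a hostname other than localhost: not loopback by name
    return False

def triage(rk_report, mbam_log=''):
    """Return (value name, reason) pairs worth a closer look."""
    detected = {}  # lower-cased file stem -> Malwarebytes label
    for line in mbam_log.splitlines():
        m = MBAM_ENTRY.match(line.strip())
        if m:
            stem = ntpath.splitext(ntpath.basename(m.group(1)))[0].lower()
            detected[stem] = m.group(2)
    findings = []
    for line in rk_report.splitlines():
        m = RK_ENTRY.match(line.strip())
        if not m:
            continue
        key, name, data = m.group(1).upper(), m.group(2), m.group(3).strip()
        if key.endswith('\\RUN\\'):
            path = executable(data)
            stem = ntpath.splitext(ntpath.basename(path))[0].lower()
            if '\\temp\\' in path.lower():
                findings.append((name, 'autostart from a Temp directory'))
            for seen, label in detected.items():
                if stem and seen.startswith(stem):  # heuristic: shared prefix
                    findings.append((name, 'name matches earlier detection ' + label))
        elif name.lower() == 'proxyserver' and loopback_proxy(data):
            findings.append((name, 'proxy points at loopback: ' + data))
    return findings

if __name__ == '__main__':
    for name, reason in triage(ROGUEKILLER, MBAM):
        print(f'{name:12} {reason}')
```

The prefix match is deliberately loose, so a hit is a reason to inspect the entry, not proof that it is malicious.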