I'm infected - help please!
dimdim
zep2007 - Posts: 21 - Status: Member
Hello,
I'm definitely infected, because I can no longer access my Task Manager and I keep getting alerts. I have McAfee as my antivirus.
I'm posting the HijackThis report. Please help me.
Logfile of HijackThis v1.99.1
Scan saved at 06:34:55, on 04/09/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\enmxwbyr\mpqtuxwj.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\VIE7D30.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe
C:\Windows\System32\dgxwrery.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\dimitri\AppData\Local\Temp\b.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\dimitri\AppData\Local\Temp\Rar$EX00.800\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: QXK Olive - {54445830-1BDA-41E6-9E4B-87305FED3DCF} - C:\Windows\vanwxemggdr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: gksraemq - {D0F811AD-FA98-436A-B4CE-B43F178537BE} - C:\Windows\gksraemq.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [\VIE7D30.exe] C:\Windows\System32\VIE7D30.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Somefox] C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe
O4 - HKCU\..\Run: [ActMonUi] C:\Windows\system32\dgxwrery.exe
O4 - HKCU\..\Run: [\VIE7D30.exe] C:\Windows\System32\VIE7D30.exe
O4 - HKCU\..\Run: [\VIE4D44.exe] C:\Windows\System32\VIE4D44.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: xrdwbfgn - {89FAB83A-5D27-4A30-BF04-7294942B1E86} - C:\Windows\xrdwbfgn.dll
O21 - SSODL: dgksvbpn - {C8250FBE-3E7B-4FCA-9E73-AFE871942FF9} - C:\Windows\dgksvbpn.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Gestion de l'alimentation de l'adaptateur réseau interne Dell (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
PS: Some windows in English opened during the scan, and I didn't understand them...
Thanks.
15 replies
Thanks for your reply. While waiting for the Malwarebytes scan, here is a bit more information about the symptoms.
So, first of all:
1) my Task Manager is no longer accessible
2) Internet Explorer is no longer usable
3) an IE window pops up every five minutes to tell me that I am poorly protected (Security Center)
There, I think those are the main problems, but it's still quite a pain...
Malwarebytes has already been running for 20 minutes and still isn't finished; is that normal?
I'll post as soon as it's done ;)
Thanks for your help
It's been 2h30 now.. :s I wonder if that's normal... Could the fact that my hard drive is three-quarters full be the cause?
Hi,
Disable User Account Control (you will re-enable it after the disinfection):
- Go to "Start", then Control Panel.
- Double-click the User Accounts icon, then Turn User Account Control on or off.
- Click Continue.
- Uncheck the box Use User Account Control (UAC) to help protect your computer.
- Confirm with OK and restart.
Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517
# Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Right-click Smitfraudfix.exe
choose Run as administrator
choose option 1,
this is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
it will generate a report: please copy/paste it into your post.
Douchka, here is the Malwarebytes report you asked me for three hours ago ^^
I hope you'll know how to proceed.
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1112
Windows 6.0.6000
04/09/2008 15:50:26
mbam-log-2008-09-04 (15-50-11).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 159596
Temps écoulé: 2 hour(s), 36 minute(s), 49 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 50
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 88
Processus mémoire infecté(s):
C:\Windows\System32\VIE7D30.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\dimitri\AppData\Local\Temp\b.exe (Trojan.Agent) -> No action taken.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{1090716b-7276-45bc-8a6e-221190a3ede0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c22dc5c5-bb23-4025-b738-9173dfddd8f1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e3aab1ac-8e2a-495a-8221-29b227700c25} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54445830-1bda-41e6-9e4b-87305fed3dcf} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54445830-1bda-41e6-9e4b-87305fed3dcf} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{89215487-a8a4-47c6-bf4a-d82c7b81e40f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{89fab83a-5d27-4a30-bf04-7294942b1e86} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6c31fa92-4feb-402d-b9d1-718c5c68c29e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ee4cd0f9-6f7d-4928-934b-0cf35c091ac8} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d0f811ad-fa98-436a-b4ce-b43f178537be} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{18fe30e0-8d81-4344-8d5b-e70cdd5db258} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c8250fbe-3e7b-4fca-9e73-afe871942ff9} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.bmwf (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie7d30.exe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie7d30.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4d44.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xrdwbfgn (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d0f811ad-fa98-436a-b4ce-b43f178537be} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dgksvbpn (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Windows\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> No action taken.
C:\Windows\System32\smp (Fake.Dropped.Malware) -> No action taken.
Fichier(s) infecté(s):
C:\Windows\System32\VIE7D30.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\dimitri\AppData\Local\Temp\b.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\dimitri\AppData\Local\Temp\1B15.tmp (Rogue.Installer) -> No action taken.
C:\Windows\elnb.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.
C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\SAV\sav0.dat (Rogue.SystemAntivirus) -> No action taken.
C:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> No action taken.
C:\Windows\a.bat (Fake.Dropped.Malware) -> No action taken.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
C:\Windows\bdn.com (Trojan.Agent) -> No action taken.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\Windows\mssecu.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\akttzn.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\anticipator.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\bdn.com (Trojan.Agent) -> No action taken.
C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\emesx.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\medup012.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\medup020.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\msgp.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\msnbho.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\mssecu.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\msvchost.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\mtr2.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\mwin32.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\netode.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\newsd32.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\ps1.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\psof1.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\psoft1.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\regc64.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\regm64.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\sncntr.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\ssvchost.com (Trojan.Agent) -> No action taken.
C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\sysreq.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\taack.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\taack.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\temp#01.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\thun.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\thun32.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\winsystem.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
C:\Windows\System32\vbsys2.dll (Trojan.Clicker) -> No action taken.
C:\Windows\vanwxemggdr.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\xrdwbfgn.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\sxmaokgf.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\gksraemq.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\dgksvbpn.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\dimitri\AppData\Local\Temp\lwpwer.exe (Trojan.FakeAlert) -> No action taken.
chiquitine, is it really necessary to do what you asked me after this Malwarebytes report?
I hope you will know how to proceed.
Re, I understand why it took 2h30: this is no longer an infection, it's gangrene. Delete everything, and now run CCleaner, then restart the computer. One piece of advice: run another full Malwarebytes scan, but before that you must always update it, OK? Let me know, thanks. As for chiquitine's request, it is no longer necessary.
Oops, I think I went too fast; I got a second report, which is this one:
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1112
Windows 6.0.6000
04/09/2008 15:53:39
mbam-log-2008-09-04 (15-53-39).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 159596
Temps écoulé: 2 hour(s), 36 minute(s), 49 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 50
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 88
Processus mémoire infecté(s):
C:\Windows\System32\VIE7D30.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Users\dimitri\AppData\Local\Temp\b.exe (Trojan.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1090716b-7276-45bc-8a6e-221190a3ede0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c22dc5c5-bb23-4025-b738-9173dfddd8f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e3aab1ac-8e2a-495a-8221-29b227700c25} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54445830-1bda-41e6-9e4b-87305fed3dcf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54445830-1bda-41e6-9e4b-87305fed3dcf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{89215487-a8a4-47c6-bf4a-d82c7b81e40f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{89fab83a-5d27-4a30-bf04-7294942b1e86} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6c31fa92-4feb-402d-b9d1-718c5c68c29e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ee4cd0f9-6f7d-4928-934b-0cf35c091ac8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d0f811ad-fa98-436a-b4ce-b43f178537be} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18fe30e0-8d81-4344-8d5b-e70cdd5db258} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c8250fbe-3e7b-4fca-9e73-afe871942ff9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.bmwf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie7d30.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie7d30.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4d44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xrdwbfgn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d0f811ad-fa98-436a-b4ce-b43f178537be} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dgksvbpn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Windows\System32\VIE7D30.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\dimitri\AppData\Local\Temp\b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\dimitri\AppData\Local\Temp\1B15.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\elnb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\vanwxemggdr.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\xrdwbfgn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\sxmaokgf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\gksraemq.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\dgksvbpn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\dimitri\AppData\Local\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Sorry for the number of messages.
Reopen Malwarebytes,
go to Quarantine,
delete everything.
Yes, SmitFraudFix is necessary for your infection.
OK, I deleted everything in the Malwarebytes quarantine. But how do I do the security update? Sorry for being such a... beginner.
I have the most recent version of Malwarebytes, so apparently no update is needed.
The report is in progress (two hours, still just as long).
Good news: I have access to my Task Manager, and I only get alerts once in a while, from an IE window: "windows security alert" Windows firewall has detected activity of harmful software - name : Trojan-spy.HTML.Bankfraud.dq
I think it's a fake alert, but I'd really like to stop getting it! What should I do?
PS: I ran CCleaner.
What is left to do?
Here is my Malwarebytes report after running CCleaner.
I'd like to add that after emptying the quarantine, I still have the fake alerts, which persist.
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1112
Windows 6.0.6000
04/09/2008 18:32:22
mbam-log-2008-09-04 (18-32-22).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 154312
Temps écoulé: 2 hour(s), 11 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\dimitri\AppData\Local\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
You still had an infected file, but if I tell you to update, it's because you need to update, OK? You are the one who needs us, not me.
Well listen, I'm happy to update, but I'm telling you what happens when I click on "check for updates", namely: "you already have the latest version of the database" (version 1.26 released).
If I did something wrong, please do tell me.
What is the name of the infected file I still have? Because there is indeed still one little thing bothering me: the window that keeps opening and telling me I'm not protected.
Thanks again for your help, which is very useful to me! :)