Sujet Précédent Sujet Suivant

Help virus spyware trojan et compagnie

fred -  
 pat -
Bonjour,
mon pc bug
je ne peux plus rien faire le systeme antivirus s'ouvre toute les trente seconde
la version d'eval de nod32 ne detecte rien je sais pas quoi faire en plus j'ai une version bidoullée de xp pro !
A voir également:

21 réponses

  • 1
  • 2
Réponse 1 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
salut,
la prochaine fois,évite de télécharger des codecs pour lire des vidéos pornos
ou alors évite les cracks
c'est une des deux qui fait que tu es infecté...
3
fred
 
j'en toucherais deux mots (peut etre trois ou quarte d'ailleurs) a mon mec car c son portable ;)
0
fred
 
haaaaaaaaaaa
firefox a planté et ensuite mon ordi s'est éteint et s'est rallumé ?????
0
Réponse 2 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
c'est tout le problème des windows modifiés,
ils ne font pas les mises à jour et du coup les pirates connaissent les failles de sécurité qui incombes se genres de XP
https://forum.malekal.com/viewtopic.php?f=45&t=12405&p=95936#p95936
https://forum.malekal.com/viewtopic.php?t=13629&f=33&sid=6dad73d81b73b277e2b4bd9d752c4763#p104313

tu peux toujours securiser ton ordi via ce lien
https://www.malekal.com/proteger-pc-virus-pirates/?f=3&t=381
1
Réponse 3 / 21
danny386 Messages postés 495 Statut Membre 157
 
Télécharger sur le bureau malwarebytes à cette adresse :

ici

Voici un tuto pour bien l installer et bien l utiliser :

ici

Après l analyse, redémarrer le pc et poste le rapport !!
0
fred
 
je l'ai bien enregistré mais il n'est pas sur mon bureau!
je le trouve pas
0
Réponse 4 / 21
fred
 
j'ai une version spéciale du windows pro c'est proxor tu connais ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
danny386 Messages postés 495 Statut Membre 157
 
Non. Cherche le. Peut être dans "Mes téléchargements". Sinon tu utlises la fonction rechercher de windows.
0
fred
 
youhou c le festival meme ma fille en a attrapé un rhume!!
0
fred
 
ET VOILA
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1166
Windows 5.1.2600 Service Pack 1

23/01/2001 05:58:11
mbam-log-2001-01-23 (05-57-49).txt

Type de recherche: Examen rapide
Eléments examinés: 37893
Temps écoulé: 3 minute(s), 54 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 66
Valeur(s) du Registre infectée(s): 30
Elément(s) de données du Registre infecté(s): 41
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 94

Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe (Trojan.Agent) -> No action taken.
C:\Program Files\SAV\sav.exe (Rogue.SystemAntivirus) -> No action taken.
C:\WINDOWS\system32\lphcagej0eg58.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphcagej0eg58.scr (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{963916cd-6311-485d-93dc-3bd1b9e2d2cb} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54160f28-994b-48dd-8d83-1b2f6b9eb054} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0fdc513-46b9-46fc-8e70-d575ee546dae} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963916cd-6311-485d-93dc-3bd1b9e2d2cb} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54160f28-994b-48dd-8d83-1b2f6b9eb054} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcegej0eg58 (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcegej0eg58 (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\actsmart (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ve9dwzs8vk (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcegej0eg58 (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcagej0eg58 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdoea.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5 85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{125138f6-d7fa-41f5-ac60-fb8957956354}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5 85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{125138f6-d7fa-41f5-ac60-fb8957956354}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5 85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{125138f6-d7fa-41f5-ac60-fb8957956354}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> No action taken.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\rhcegej0eg58 (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\717305 (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\527631 (Trojan.BHO) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\System32\kdoea.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\WINDOWS\system32\exsxyvuj.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\All Users\Application Data\mjcpujud\yrizovuv.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\rhcegej0eg58\rhcegej0eg58.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\rhcegej0eg58.exe.local (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcegej0eg58\Uninstall.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\SAV\sav.exe (Rogue.SystemAntivirus) -> No action taken.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> No action taken.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\system32\lphcagej0eg58.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcagej0eg58.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphcagej0eg58.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\video92.cfg.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Administrateur\Bureau\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt3D.tmp.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrateur\Favoris\Online Security Test.url (Rogue.Link) -> No action taken.
0
Réponse 6 / 21
danny386 Messages postés 495 Statut Membre 157
 
OULA !!! Ca en fait un paquet !! (J'pense que c'est le + que j'ai vu lol).

Une seule chose !!! Tu as pas fait supprimer la sélection !!!

Tout était bien expliqué dans le tuto, mais apparemment tu as pas regardé.

Va falloir recommencer l'analyse. Et cette fois ci, regarde bien le TUTO !!!

Et encore une chose !!! J'ai demandé examen complet, pas rapide.
0
fred
 
NOOOOOOOOOOOON
j'y tiens a mon proxor j'ai pas de cd et aucun moyen de le réavoir!!
0
Réponse 7 / 21
danny386 Messages postés 495 Statut Membre 157
 
????? De quoi tu parles ??? Quand je dis supprimer c'est supprimer les virus !!!
0
fred
 
pffffiiioouuuu
voila le rapport
j'ai plus de pb avec antivirus 2008
j'ai un fond d'ecan bleu pétard



Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1166
Windows 5.1.2600 Service Pack 1

23/01/2001 07:10:54
mbam-log-2001-01-23 (07-10-54).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 108944
Temps écoulé: 37 minute(s), 23 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 66
Valeur(s) du Registre infectée(s): 30
Elément(s) de données du Registre infecté(s): 41
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 98

Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\SAV\sav.exe (Rogue.SystemAntivirus) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcagej0eg58.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphcagej0eg58.scr (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{963916cd-6311-485d-93dc-3bd1b9e2d2cb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54160f28-994b-48dd-8d83-1b2f6b9eb054} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0fdc513-46b9-46fc-8e70-d575ee546dae} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963916cd-6311-485d-93dc-3bd1b9e2d2cb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54160f28-994b-48dd-8d83-1b2f6b9eb054} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcegej0eg58 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcegej0eg58 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\actsmart (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ve9dwzs8vk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcegej0eg58 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcagej0eg58 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdoea.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5 85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{125138f6-d7fa-41f5-ac60-fb8957956354}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5 85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{125138f6-d7fa-41f5-ac60-fb8957956354}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5 85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{125138f6-d7fa-41f5-ac60-fb8957956354}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{346bd911-92d6-4d2e-8892-e79d326ee8e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{a33ad5fd-44d9-46ea-b8ce-278b57bfe07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cc321314-6891-494c-860d-d6a7cf907aa7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.5,85.255.112.65 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\717305 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\527631 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\System32\kdoea.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\system32\exsxyvuj.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\mjcpujud\yrizovuv.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mIRC\mirc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Documents and Settings\xp_home\Mes documents\programmes\logiciel musique\SOUND FORGE\Sony.Sound.Forge.v8.0a.Incl.Keygen-SSG\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\rhcegej0eg58.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\rhcegej0eg58.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcegej0eg58\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav.exe (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcagej0eg58.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcagej0eg58.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcagej0eg58.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\video92.cfg.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Bureau\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt3D.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
0
fred
 
j'ai un disque dur partitionné il m'a nettoyé les deux ??
0
Réponse 8 / 21
Utilisateur anonyme
 
AIE! AIE! AIE! chimay je crois que t'a fais une gaffe, lol!!!!!! edit: aux sujet des pornos biensur lol
0
Réponse 9 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
oui,il a nettoyé les deux

D:\Documents and Settings\xp_home\Mes documents\programmes\logiciel musique\SOUND FORGE\Sony.Sound.Forge.v8.0a.Incl.Keygen-SSG\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

et ce sont des cracks
0
fred
 
merci bcp et pour ce qu'il viens de se passer? c normal que firefox plante et que je redémarre après ???
0
Réponse 10 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
on va vérifier

- Télécharge HiJackThis.zip de Merijn sur ton bureau.
- Dézippe le dans un dossier prévu à cet effet.
** exemple C:\hijackthis < Enregistre le bien dans c : !

- Double-clique dessus
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur "Do a scan and save log file".
- Le rapport s'ouvre sur le Bloc-Note.
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
- ** ne pas fixer de lignes sans notre avis **
Aide : N'hésite pas à consulter l'aide HiJackThis de Malekal_morte
En image
0
Réponse 11 / 21
fred
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:45:45, on 23/01/2001
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - C:\PROGRA~1\ZEROPO~1\ZERO-P~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Ad-Watch - {D0281F6F-F450-4baa-A932-16EDDFD9F39A} - C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
0
Réponse 12 / 21
fred
 
firefox a replanté sans redémarrer et maintenant je dois accepter les certificats pour ovrir la page
0
Réponse 13 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
relance HJT(scan only) et coche ces lignes
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - (no file)

clic sur fix checked

faut faire des mises à jour
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Adobe\Acrobat 5.0
Java\jre1.6.0_06

pour XP
https://www.01net.com/telecharger/windows/Utilitaire/dll_librairies/fiches/29989.html

pour IE6
http://www.microsoft.com/downloads/details.aspx?familyid=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr

pour adobe,désinstalle la via ajout suppression des programmes
https://get2.adobe.com/reader/otherversions/

pour java
Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.

pour firefox,faut faire les mises à jour aussi
0
Réponse 14 / 21
fred
 
Alors voilà je viens de voir qu'il y avait une note sur le bureau qui me déconseille de faire les mises a jour de windows
cette note c selui qui a consu le programme qui l'a fait
pfffffffffffffffffffffffff
je sais pas quoi faire et ds le forum de proxor personne ne veux m'aider (ils ont la grosse tete et n'aiment pas les nuls en informatique)
0
Réponse 15 / 21
fred
 
merci de ton aide
je peux mettre pb résolu ?
0
Réponse 16 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
fais ceci avant

Télécharges : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

***très important***

Suppression des points de restauration :
1.Ouvre le Menu Démarrer
2.Clique-droit sur Poste de travail
3.Clique sur Propriétés
4.Positionne-toi dans l'onglet Restauration du système
5.Coche "Désactiver la restauration système"
6.Valide par Ok
7.Redémarre ton pc
8.Reproduis les manipulations 1 à 3
9.Décoche "Désactiver la restauration système"
10.Valide par Ok
0
fred
 
heuuuu
je sais ou c'est sur mon pc mais là y'a rien
0
fred
 
sur la restauration systeme je le trouve pâs
0
fred
 
c confirmé je n'ai pas de restauration system
0
Réponse 17 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
ha mais y a rien à voir...
les malwares s'installent souvent dans la restauration système comme ça quand tu restaure ton pc tu restaure les malwares avec!!
c'est pour ça qu'il faut la vider et recréer un nouveau point de restauration sain

Donc,si tu as suivi les manips,t'as plus de fichiers dans la resto système
0
fred
 
voila le message lorsque j'essaye de creer un nouveau point de restauration

"la restauration du systeme a ete mise hors tension par la stratégie du groupe pour mettre la restauration du systeme sous tension, contactez votre administrateur de domaine"


(j'ai suivi toute les manips)
0
Réponse 18 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
bin les bizarre ton XP???
0
Réponse 19 / 21
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
bon,bin laisse tomber la resto système...
tu pourras toujours essayer avec les droits administrateur...mais je suis septiques
0
fred
 
merci de ton aide
0
Réponse 20 / 21
pat
 
Voir ca avec le copain de Céline

notre ami Rénée
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses