SanSNoNloOOol Posted 30 August 2008

Hi! After 'installing' an Abobe-something-or-other, I got popups along the lines of 'Windows Antispyware 2008'. I knew right away they were viruses because I had already seen this on someone else's machine. After searching for a way to remove the infection, I used Navilog1; here is its report:

Search Navipromo version 3.6.5 commencé le 30/08/2008 à 11:44:42,10
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis D:\Program Files\navilog1
Session actuelle : "seb"
Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "D:\WINDOWS2" ***
D:\WINDOWS2\mslagent trouvé !
*** Recherche dossiers dans "D:\Program Files" ***
*** Recherche dossiers dans "D:\Documents and Settings\All Users.WINDOWS2\menudm~1\progra~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\All Users.WINDOWS2\menudm~1" ***
*** Recherche dossiers dans "d:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\Jo\applic~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\Jo\locals~1\applic~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\menudm~1\progra~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\Jo\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "D:\WINDOWS2\system32" *
* Recherche dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" *
* Recherche dans "D:\DOCUME~1\Jo\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "D:\WINDOWS2\system32" :
* Dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" :
* Dans "D:\DOCUME~1\Jo\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 30/08/2008 à 11:53:22,95 ***

I also used Malwarebytes; the report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1097
Windows 5.1.2600 Service Pack 2
12:20:32 30/08/2008
mbam-log-08-30-2008 (12-20-32).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 122812
Temps écoulé: 34 minute(s), 19 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 67

Since I don't know how to analyse all this, I'm asking for your advice on how to get rid of all these viruses!! Thanks in advance.

snooky Posted 30 August 2008

Hi, there's no need to "quote" the reports! They're unreadable like that...

Run Clean v2.0 by FRUiT, procedure 1.
Run RogueRemover Free: http://www.malwarebytes.org/rogueremover.php
Restart the PC and post a HijackThis report (without the tags... just a copy/paste!)