[SOFTWARE] VIRUS Magic.Control



Hi!

After 'installing' some Adobe-whatever, I got popups like 'Windows Antispyware 2008'. I knew straight away they were viruses because I had already seen this on someone else's machine. After searching for how to get rid of the thing, I used Navilog1; here is its report:

Search Navipromo version 3.6.5 commencé le 30/08/2008 à 11:44:42,10

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis D:\Program Files\navilog1
Session actuelle : "seb" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "D:\WINDOWS2" ***

D:\WINDOWS2\mslagent trouvé !

*** Recherche dossiers dans "D:\Program Files" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users.WINDOWS2\menudm~1\progra~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users.WINDOWS2\menudm~1" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1.win\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\applic~1" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Jo\applic~1" *** 


*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Jo\locals~1\applic~1" *** 


*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\menudm~1\progra~1" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Jo\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "D:\WINDOWS2\system32" *

* Recherche dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" * 

* Recherche dans "D:\DOCUME~1\Jo\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "D:\WINDOWS2\system32" :


* Dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" : 


* Dans "D:\DOCUME~1\Jo\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 30/08/2008 à 11:53:22,95 ***

I also used Malwarebytes; here is its report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1097
Windows 5.1.2600 Service Pack 2

12:20:32 30/08/2008
mbam-log-08-30-2008 (12-20-32).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 122812
Temps écoulé: 34 minute(s), 19 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 67

Processus mémoire infecté(s):
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
D:\WINDOWS2\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
D:\WINDOWS2\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\WINDOWS2\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\WINDOWS2\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080830110119265.log (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\WINDOWS2\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

Since I don't know how to analyse all this, I'm asking for your advice on how to remove all these viruses!!

Thanks in advance.
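As an added example that is not part of the original post and is not Malwarebytes' own code, here is a small Python triage script for reports in the format quoted above. It parses each finding line into its location, detection family and action, counts findings per family, and flags the entries that sit in autostart or policy locations (the Run key, Winlogon Notify, ShellServiceObjectDelayLoad, Browser Helper Objects, service keys and the DisableTaskMgr policy), which is what a helper would look at first to judge whether an infection survives a reboot and whether the user can get Task Manager back. The sample input is a handful of lines copied from the Malwarebytes report above; the persistence labels are my own classification, not tool output.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Tuple

# Sample input: a handful of lines copied from the Malwarebytes report quoted
# above, enough to exercise each section type of the log format.
SAMPLE_LOG = r"""Processus mémoire infecté(s):
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Unloaded process successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
D:\WINDOWS2\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
"""


class Finding(NamedTuple):
    section: str    # report heading the line appeared under, kept verbatim
    location: str   # registry path, file path or process image path
    family: str     # Malwarebytes detection name, e.g. Trojan.Agent
    action: str     # what the tool reports having done with it


# One finding per line: "<location> (<family>) -> <action>"
FINDING_RE = re.compile(r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# My own classification of locations that give malware a foothold at logon or
# restrict the user (labels are this example's, not Malwarebytes').
PERSISTENCE_PATTERNS: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"\\CurrentVersion\\Run\\", re.I), "Run-key autostart"),
    (re.compile(r"\\Winlogon\\Notify\\", re.I), "Winlogon notification package"),
    (re.compile(r"\\ShellServiceObjectDelayLoad\\", re.I), "ShellServiceObjectDelayLoad entry"),
    (re.compile(r"\\Browser Helper Objects\\", re.I), "Internet Explorer Browser Helper Object"),
    (re.compile(r"\\Services\\", re.I), "service registration"),
    (re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I), "Task Manager disabled by policy"),
]


def parse_mbam_log(text: str) -> List[Finding]:
    """Turn the per-item lines of a Malwarebytes 1.x report into Finding records."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):            # section heading such as "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if m is None:                     # summary and banner lines are not findings
            continue
        findings.append(Finding(section, m["location"], m["family"], m["action"]))
    return findings


def count_by_family(findings: List[Finding]) -> Counter:
    """How many items each detection family accounts for."""
    return Counter(f.family for f in findings)


def persistence_findings(findings: List[Finding]) -> List[Tuple[str, str]]:
    """(label, location) for every finding in an autostart or policy location."""
    flagged = []
    for f in findings:
        for pattern, label in PERSISTENCE_PATTERNS:
            if pattern.search(f.location):
                flagged.append((label, f.location))
                break                     # one label per finding
    return flagged


def remediated(f: Finding) -> bool:
    """True when the tool reports a successful unload, quarantine or delete."""
    return f.action.endswith("successfully.")


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for family, n in count_by_family(found).most_common():
        print(f"{n:3d}  {family}")
    print("autostart / policy locations:")
    for label, location in persistence_findings(found):
        print(f"  [{label}] {location}")
    print("all items remediated:", all(remediated(f) for f in found))
```

To run it over a full saved report, read the .txt file and pass its contents to parse_mbam_log instead of SAMPLE_LOG; the summary block at the top of the report is skipped automatically because those lines do not have the "(family) -> action" shape.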
