
Posted

Hello

Could someone help me neutralize a virus?

The symptoms are as follows:

- no more access to drives other than the floppy drive

- when I press CTRL+ALT+DEL, the following message appears: "Task Manager has been disabled by your administrator" (so it is impossible to kill processes)

- in the Start menu, no more access to Programs, the Control Panel or the command prompt (so no way to edit the registry)

- I cannot run SmitFraudFix ("The command prompt has been disabled by your administrator")

- I was able to install Antivir, but during the scan Windows crashes with a fatal blue screen. It crashed again at the next startup, so I uninstalled Antivir.

- same thing when I tried to install a firewall.

- the Windows firewall is disabled and cannot be re-enabled

- pop-ups appear every 30 seconds

- in its rather relative kindness, this virus left me access to the desktop, where I had placed HiJackThis; here is its result:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:22: VIRUS ALERT!, on 31.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Siemens\Gigaset WLAN Adapter\WLM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Documents and Settings\a\Bureau\HiJackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [spyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter\WLM.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 4593 bytes

 

Thanks in advance for your help

Posted (edited)

Hello,

In the registry, DisableCMD is set to 1 and can be found under

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies

or under \Explorer and \System of these keys:

Set the value of DisableCMD to 0

and likewise for DisableTaskmgr etc...

 

Next,

Not compatible with Vista.

Download SDFix (created by AndyManchesta)

and save it to the Desktop.

* Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.

Restart in Safe Mode

* Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.

* Press Y to start the cleaning process.

* It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.

 

If SDFix does not start:

Start -> Run

Copy/paste this:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

click OK, and confirm.

Restart and try running SDFix again.

 

 

* The restart will be slower than usual because the tool will keep running and deleting files.

* After the Desktop loads, the tool will finish its work and display Finished.

* Press a key to end the script and load the Desktop icons.

* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

* Post the report here.

Print these instructions, because all windows and applications must be closed during installation and scanning.

Download Malwarebytes' Anti-Malware (MBAM)

Save it to the desktop.

Close all windows and programs.

Double-click the Download_mbam-setup.exe icon on the desktop to start the installation.

Follow the prompts (in particular the choice of language and the authorization to access the Internet).

Do not change any of the default settings and, at the end of the installation,

check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

MBAM will start automatically and display a message asking you to update the program before running a scan.

Click OK to close the dialog box.

The main MBAM window appears:

In the scan tab, check that "Run a full scan" is selected and click the Search button to start the scan.

The scan will take some time, be patient!

A message will appear indicating that it has finished.

Click OK to continue.

If malware has been detected, the list is displayed.

When you click Removal (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

MBAM will open Notepad and copy the scan report into it; the report can also be found under the Reports/Logs tab.

Close Notepad.

Close MBAM by clicking Quit.

Post the report.

Edited by pear
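
Added example (not part of pear's post and not code from any tool named in this thread): a Python audit of a registry export that reports the lockout policy values discussed above, matched by value name in any Policies key, and decodes the NoDrives drive bitmask. The export text is constructed for illustration; its NoDrives data 0x0c mirrors the value 12 that the Malwarebytes log later in this thread reports, and the function and variable names are assumptions of this example.

```python
import re
import string

# Policy value names that lock the user out when set to a non-zero DWORD.
# They are matched by name in whichever Policies key of the export they appear.
LOCKOUT_VALUES = {
    "disabletaskmgr": "Task Manager disabled",
    "disablecmd": "command prompt disabled",
    "disableregistrytools": "registry editor disabled",
    "nocontrolpanel": "Control Panel blocked",
    "norun": "Run removed from the Start menu",
}

# Policy values whose data is a bitmask of drive letters.
DRIVE_MASK_VALUES = {
    "nodrives": "hidden in Explorer",
    "noviewondrive": "blocked from browsing",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def decode_drive_mask(mask):
    """Bit 0 is A:, bit 1 is B:, ... bit 25 is Z:."""
    return [
        f"{letter}:"
        for bit, letter in enumerate(string.ascii_uppercase)
        if (mask >> bit) & 1
    ]


def audit_reg_export(text):
    """Return one finding per non-zero lockout value found under a Policies key.

    `text` is the already-decoded content of a .reg export (exports written
    by regedit in version 5.00 format are UTF-16 on disk).
    """
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if not m or key is None:
            continue
        if "\\policies\\" not in (key + "\\").lower():
            continue  # only policy keys are of interest here
        name = m.group("name").lower()
        data = int(m.group("hex"), 16)
        if data == 0:
            continue  # 0 means the restriction is not active
        if name in LOCKOUT_VALUES:
            effect = LOCKOUT_VALUES[name]
        elif name in DRIVE_MASK_VALUES:
            drives = ", ".join(decode_drive_mask(data))
            effect = f"drives {DRIVE_MASK_VALUES[name]}: {drives}"
        else:
            continue
        findings.append(
            {"key": key, "value": m.group("name"), "data": data, "effect": effect}
        )
    return findings


# Constructed sample export, not taken from the infected machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:0000000c
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001
'''

if __name__ == "__main__":
    for f in audit_reg_export(SAMPLE_EXPORT):
        print(f'{f["key"]}\\{f["value"]} = {f["data"]} -> {f["effect"]}')
```

A NoDrives value of 12 sets bits 2 and 3, that is C: and D:, which leaves only the floppy drive visible.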
Posted

Dear pear

Thanks for your help. I did the cleanup with SDFix and Malwarebytes, and I think things are much better.

Here are the logs:

 

 

SDFix: Version 1.187

Run by a on 07.06.2008 at 16:44: VIRUS ALERT!

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Name :

msupdate

BDE18

 

Path :

c:\windows\system32\mssrv32.exe

System32\Drivers\Bde18.sys

 

msupdate - Deleted

BDE18 - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing SharedAccess Service

 

Rebooting

 

Service BDE18 - Deleted

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted

C:\WINDOWS\system32\ddcBTLcC.dll - Deleted

C:\WINDOWS\system32\kdhxc.exe - Deleted

C:\WINDOWS\system32\drivers\BDE18.sys - Deleted

C:\WINDOWS\SVPEKG~1.DLL - Deleted

C:\WINDOWS\INSTAL~1\{4C83C~1\WINSETUP.DLL - Deleted

 

 

 

Folder C:\DOCUME~1\a\LOCALS~1\Temp\privacy_danger - Removed

Folder C:\WINDOWS\privacy_danger - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-07 16:52:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

BDE18

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Wed 2 Apr 2008 16,652 ..SHR --- "C:\Program Files\tmp0.exe"

Wed 2 Apr 2008 16,652 ..SHR --- "C:\Program Files\tmp1.exe"

Wed 2 Apr 2008 16,652 ..SHR --- "C:\Program Files\tmp2.exe"

Wed 2 Apr 2008 16,652 ..SHR --- "C:\Program Files\tmp3.exe"

Sat 11 Jun 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"

Fri 16 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\069dce5b3a6a576c9856befb57fca0a9\BIT2.tmp"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp"

Sat 11 Jun 2005 4,348 ...H. --- "C:\Documents and Settings\a\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"

Sun 9 Mar 2008 20 A..H. --- "C:\Documents and Settings\a\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"

Sat 11 Jun 2005 400 ...H. --- "C:\Documents and Settings\a\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Sun 9 Mar 2008 21,504 A..H. --- "C:\Documents and Settings\a\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"

 

Finished!

 

************************************************************

 

Malwarebytes' Anti-Malware 1.15

Version de la base de données: 838

 

17:50:11 07.06.2008

mbam-log-6-7-2008 (17-50-11).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 88756

Temps écoulé: 25 minute(s), 3 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 40

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 10

Dossier(s) infecté(s): 11

Fichier(s) infecté(s): 139

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

C:\WINDOWS\system32\kieasakh.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\vtUmJBSi.dll (Trojan.Vundo) -> Unloaded module successfully.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{1674b3c3-c00f-4c9d-afbd-c6ba4d20b27f} (Trojan.Fakealert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3d2da25b-eda9-4160-af0a-e40b5b591b9a} (Trojan.Fakealert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4ee62603-9bb7-462b-8a8d-e9f4bf11be49} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{89a9cc26-4818-4ffd-82e0-9c3cf815feb2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9e6cd9df-5ef9-40f4-84fa-c4842eb1f283} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a8a89de7-456c-4736-9120-90e04bf0893f} (Trojan.Fakealert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bc9c3269-c705-4efd-aaff-79acd6654fd7} (Trojan.Fakealert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c50b4841-0478-449d-ace1-8bcd54e784f8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e738884b-e75d-4ac3-b03f-62f7e7dd853e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f45dc7fe-36c5-4bcd-95b4-e0c82e471731} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\Interface\{de4a7692-b2cb-4d1a-9956-76a8a028caa0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{1c2a0cbe-9c8b-49f3-9e56-bd989db7e8c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\VCLSDCompression.class (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\atfxqogp.bsog (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\elfwgps.bdgn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\elfwgps.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\labelcommand.labelcommand (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\labelcommand.labelcommand.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\pvnsmfor.belp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f45dc7fe-36c5-4bcd-95b4-e0c82e471731} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaAccumulativeCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaEntertainmentCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediaaccumulativecodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediaentertainmentcodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\TacOnlyOne\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2e529f87-2b52-438c-9e7c-7d0a0dd910ba} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{826a5ed9-1316-4efd-87f8-aa400c5d551a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2cd97755 (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtumjbsi -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.vundo) -> Data: c:\windows\system32\vtumjbsi -> Delete on reboot.

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Application Data\Ultimate Fixer (Rogue.Ultimate.Fixer) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Application Data\Ultimate Fixer\backup (Rogue.Ultimate.Fixer) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Application Data\Ultimate Fixer\logs (Rogue.Ultimate.Fixer) -> Quarantined and deleted successfully.

C:\Program Files\MediaAccumulativeCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\MediaEntertainmentCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516024003765.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080517020344140.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080525031857218.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080525180725312.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080526131457531.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080527095653656.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080528112333281.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080528150950781.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080528151425703.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080528154211234.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080528223748234.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080528224025125.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080529080048828.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080529223655531.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080530090805984.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080531002206921.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080531003034609.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080531003955140.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080531171307406.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080531175109093.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080531181709640.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\fetktedc\zopkvghu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Application Data\Ultimate Fixer\settings.dat (Rogue.Ultimate.Fixer) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Local Settings\Temp\-tl0v1mgks.dat (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Local Settings\Temp\Temporary Internet Files\Content.IE5\CSY18VUU\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Local Settings\Temp\setup_526_1_.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\a\Local Settings\Temp\stdcons.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\MediaAccumulativeCodec\MediaAccumulativeCodec.ocx (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\MediaAccumulativeCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\MediaAccumulativeCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\MediaEntertainmentCodec\MediaEntertainmentCodec.ocx (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\MediaEntertainmentCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\MediaEntertainmentCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\antiviirus.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\instaler.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\tmp3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

