Infection par Dr.Guard
Nakum
-
benurrr Messages postés 9766 Statut Contributeur sécurité -
benurrr Messages postés 9766 Statut Contributeur sécurité -
Bonjour,
j'expose mon problème: depuis hier mon antivirus Norton a détecté certains fichiers malveillants (hacktool.rootkit) je n'ai touché à rien je l'ai laissé faire son travail et de stopper la menace. j'ai continué à travaillé normalement jusqu'à un moment donné une application de nom de Dr. Guard avec les skins proches de windows xp commença à s'installer sur mon ordi. j'ai essayé de stopper le processus depuis le gestionnaire des tâches mais l'accès était impossible.
ce Dr. Guard donne l'impression que c'est un nouveau anti virus, il détecte même les virus sur mon ordi (à vérifier si c'est vrai ou pas ^^) et me propose à chaque fois d'acheter le produit. je n'arrive pas non plus à le désinstaller depuis le panneau de configuration ni manuellement....
maintenant toutes les minutes un popup de virus apparait à cause de Dr. Guard.
vraiment j'ai besoin d'aide tant que j'arrive toujours à me connecter au net.
Merci!
j'expose mon problème: depuis hier mon antivirus Norton a détecté certains fichiers malveillants (hacktool.rootkit) je n'ai touché à rien je l'ai laissé faire son travail et de stopper la menace. j'ai continué à travaillé normalement jusqu'à un moment donné une application de nom de Dr. Guard avec les skins proches de windows xp commença à s'installer sur mon ordi. j'ai essayé de stopper le processus depuis le gestionnaire des tâches mais l'accès était impossible.
ce Dr. Guard donne l'impression que c'est un nouveau anti virus, il détecte même les virus sur mon ordi (à vérifier si c'est vrai ou pas ^^) et me propose à chaque fois d'acheter le produit. je n'arrive pas non plus à le désinstaller depuis le panneau de configuration ni manuellement....
maintenant toutes les minutes un popup de virus apparait à cause de Dr. Guard.
vraiment j'ai besoin d'aide tant que j'arrive toujours à me connecter au net.
Merci!
A voir également:
- Infection par Dr.Guard
- Infection par smidfaufix ! ✓ - Forum Virus
- L'ordinateur de simon a été infecté par un virus répertorié récemment - Forum Jeux vidéo
- Infection - Forum Virus
- L'ordinateur d'arthur a été infecté par un virus répertorié récemment ✓ - Forum Virus
- Possible infection par PnkBstrA.exe ✓ - Forum Virus
4 réponses
salut
télécharge
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher
Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
A la fin du scan clique sur Afficher les résultats
Vérifier si tout est coché et clic Supprimer la sélection
S'il t'es demandé de redémarrer >>> clique sur "Yes"
Et tu poste le rapport générer
télécharge
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher
Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
A la fin du scan clique sur Afficher les résultats
Vérifier si tout est coché et clic Supprimer la sélection
S'il t'es demandé de redémarrer >>> clique sur "Yes"
Et tu poste le rapport générer
essaye en mode sans échec
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Re,
je n'arrive pas à entrer en mode sans échec après avoir choisi cette option. un écran bleu écrit en blanc s'affiche rapidement avant de redémarrer l'ordi (je n'arrive pas à lire le msg d'erreur).
J'ai redémarré l'ordi et je ne sais pas par quel moyen Mbam-setup a pu s'exécuter, j'ai suivi les étapes que tu m'a prescrite. La maj s'est bien passée, mais ca s'arrête ici, le programme ne se lance pas ... même en cliquant sur le raccourci manuellement rien ne se passe ...
je n'arrive pas à entrer en mode sans échec après avoir choisi cette option. un écran bleu écrit en blanc s'affiche rapidement avant de redémarrer l'ordi (je n'arrive pas à lire le msg d'erreur).
J'ai redémarré l'ordi et je ne sais pas par quel moyen Mbam-setup a pu s'exécuter, j'ai suivi les étapes que tu m'a prescrite. La maj s'est bien passée, mais ca s'arrête ici, le programme ne se lance pas ... même en cliquant sur le raccourci manuellement rien ne se passe ...
télécharge Process Explorer (renommer)
http://www3.malekal.com/hihi.exe sur ton bureau
double clic dessus pour le lancer
dans la fenêtre cherche le programme Dr. Guard.
tu fait clic droit dessus et tue le processus et tout ses composant
et ferme le programme et lance mbam
http://www3.malekal.com/hihi.exe sur ton bureau
double clic dessus pour le lancer
dans la fenêtre cherche le programme Dr. Guard.
tu fait clic droit dessus et tue le processus et tout ses composant
et ferme le programme et lance mbam
et re, 1h28 de scan, au fait j'ai pu démarrer mbam en mode sans échec (hasard?)
bref voila le rapport de l'analyse:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3799
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
27/02/2010 13:05:41
mbam-log-2010-02-27 (13-05-41).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 309130
Temps écoulé: 1 hour(s), 28 minute(s), 5 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 81
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-2491329165-1345559022-121870359-0258\nissan.exe,explorer.exe,C:\RECYCLER\S-1-5-21-3037787756-4269896513-138102285-8197\wnzip32.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Utilisateur\SyncMan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\Microsoft\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\50aef044.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\aa8de415.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\b0eef352.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\fkdvfge.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\SPAM.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\vmmim.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM14.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM1A.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM1D.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM1F.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM215.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM220.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM22B.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM231.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM25.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM3B6.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM3BF.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\O970P2C9\loaderadv563[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\O970P2C9\ycpxe[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\O970P2C9\ysautnmg[3].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\P85AYCDN\ysautnmg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\P85AYCDN\zqksqlje[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\loaderadv563[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\ycpxe[2].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\zqksqlje[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\zqksqlje[2].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\XCQ5XTH9\ycpxe[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\XCQ5XTH9\ysautnmg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2491329165-1345559022-121870359-0258\nissan.exe (Worm.Autorun.B) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-3037787756-4269896513-138102285-8197\wnzip32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP112\A0091930.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0092103.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0092941.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0092944.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0093943.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0094954.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SyncMan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\RSUSBSTORq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\RSUSBSTORr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Secdrvq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Secdrvr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDadqnjiqdjr.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDdcrrfabakg.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDghsfvltvod.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDponcsxsujo.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDpsnsdaxoee.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDvjmrhcnueq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDblftasfodh.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDfhwehnduku.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDvjelxllsmy.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDytneuimeer.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_VOID41fa.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_VOIDae95.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOID4d0c.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOID4d1c.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOID5123.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDdb15.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDea18.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDfa42.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDfa52.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDfb8a.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\asr64_ldm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
bref voila le rapport de l'analyse:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3799
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
27/02/2010 13:05:41
mbam-log-2010-02-27 (13-05-41).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 309130
Temps écoulé: 1 hour(s), 28 minute(s), 5 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 81
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-2491329165-1345559022-121870359-0258\nissan.exe,explorer.exe,C:\RECYCLER\S-1-5-21-3037787756-4269896513-138102285-8197\wnzip32.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Utilisateur\SyncMan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\Microsoft\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\50aef044.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\aa8de415.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\b0eef352.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\fkdvfge.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\SPAM.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\vmmim.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM14.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM1A.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM1D.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM1F.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM215.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM220.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM22B.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM231.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM25.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM3B6.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\~TM3BF.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\O970P2C9\loaderadv563[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\O970P2C9\ycpxe[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\O970P2C9\ysautnmg[3].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\P85AYCDN\ysautnmg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\P85AYCDN\zqksqlje[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\loaderadv563[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\ycpxe[2].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\zqksqlje[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\W6AT6180\zqksqlje[2].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\XCQ5XTH9\ycpxe[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\XCQ5XTH9\ysautnmg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2491329165-1345559022-121870359-0258\nissan.exe (Worm.Autorun.B) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-3037787756-4269896513-138102285-8197\wnzip32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP112\A0091930.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0092103.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0092941.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0092944.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0093943.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B681D4F3-D6E0-4CDB-A905-F172583915C2}\RP113\A0094954.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SyncMan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\RSUSBSTORq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\RSUSBSTORr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Secdrvq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Secdrvr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDadqnjiqdjr.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDdcrrfabakg.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDghsfvltvod.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDponcsxsujo.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDpsnsdaxoee.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDvjmrhcnueq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDblftasfodh.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDfhwehnduku.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDvjelxllsmy.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDytneuimeer.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_VOID41fa.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_VOIDae95.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOID4d0c.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOID4d1c.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOID5123.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDdb15.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDea18.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDfa42.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDfa52.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\_VOIDfb8a.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\asr64_ldm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Mbam a bien travailler
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "créer une icône sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
laisse travailler l'outil
à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "créer une icône sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
laisse travailler l'outil
à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
j'ai téléchargé Mbam-setup comme tu m'as dis, mais je n'arrive pas à l'exécuter. Après plusieurs tentatives, dr.guard le détecte comme menace virale et me propose de supprimer l'application ... j'ai refusé ...