loop.exe infection
Solved
boxliner
Hello,
After a crash and a few scans (Comodo, Avast, Ad-Aware), it turns out my PC was infected by loop.exe.
To find out whether everything was really gone, I ran a Spybot scan, which found other things.
Once the cleanup was done, I ran a Malwarebytes scan because I read on this forum that it was a necessary step. But I don't know how to read the scan report to tell whether everything is OK now.
I need to use my laptop for an important job from Monday to Wednesday.
Thank you for your attention to my request.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 5753
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
13/02/2011 17:37:18
mbam-log-2011-02-13 (17-37-09).txt
Type d'examen: Examen complet (C:\|D:\|Z:\|)
Elément(s) analysé(s): 356541
Temps écoulé: 1 heure(s), 27 minute(s), 37 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> No action taken.
HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> No action taken.
HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\SEARCH@SEARCHSETTINGS.COM\COMPONENTS\SEARCHSETTINGSFF.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSFF.DLL -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\KB128\SEARCHSETTINGSRES409.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSRES409.DLL -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\searchsettingsff.dll (PUP.Dealio) -> No action taken.
c:\program files\search settings\kb128\searchsettingsres409.dll (PUP.Dealio) -> No action taken.
d:\dwnld\all rkchimaira keygens\adobe cs4 keygens\adobe photoshop cs4 keygen [rkchimaira].exe (Trojan.Agent.CK) -> No action taken.
z:\program files\propellerheads.reason.4.0.hybrid.dvdr-airiso\KEYGEN.EXE (RiskWare.Tool.CK) -> No action taken.
z:\Sound\vst\Filtres\aarpeg.exe (Malware.Packer.Gen) -> No action taken.
z:\Sound\vst\Filtres\scratchi.exe (Malware.Packer.Gen) -> No action taken.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 5753
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
13/02/2011 17:48:44
mbam-log-2011-02-13 (17-48-44).txt
Type d'examen: Examen complet (C:\|D:\|Z:\|)
Elément(s) analysé(s): 356541
Temps écoulé: 1 heure(s), 27 minute(s), 37 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Not selected for removal.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\SEARCH@SEARCHSETTINGS.COM\COMPONENTS\SEARCHSETTINGSFF.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSFF.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\KB128\SEARCHSETTINGSRES409.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSRES409.DLL -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\searchsettingsff.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\search settings\kb128\searchsettingsres409.dll (PUP.Dealio) -> Quarantined and deleted successfully.
d:\dwnld\all rkchimaira keygens\adobe cs4 keygens\adobe photoshop cs4 keygen [rkchimaira].exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
z:\program files\propellerheads.reason.4.0.hybrid.dvdr-airiso\KEYGEN.EXE (RiskWare.Tool.CK) -> Not selected for removal.
z:\Sound\vst\Filtres\aarpeg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
z:\Sound\vst\Filtres\scratchi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.