2pac4250
-
Compteur de contenus
1 -
Inscription
-
Dernière visite
2pac4250's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
infection Trojan et worm.autorun help!!!
2pac4250 a posté un sujet dans Analyses et éradication malwares
bonjour, mon pc est infecté , j'ai fait un scan avec kaspersky , j'ai desinfecté le pc mais ils reviennet , je ne sais plus quoi faire , j'ai les rapports de hijackthis et malwarebytes aidé moi s'il vous plait j'ai effacé le fichier autochk.exe dans le dossier system32 je voulais savoir si c'est grave et comment le remmetre dans system32. rapport de hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:30:08, on 11/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\MIC\HAWAII\Hawaii.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\vVX3000.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\SimpleCenter\bin\win\sclauncher.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\DOCUME~1\Ercan\LOCALS~1\Temp\d8ild.exe C:\DOCUME~1\Ercan\LOCALS~1\Temp\d8ild.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/9uxp9en-us/hpg_lnk1 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file) O2 - BHO: HelloWorldBHO - {d88e1558-7c2d-407a-953a-c044f5607cea} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [] C:\DOCUME~1\Ercan\LOCALS~1\Temp\d8ild.exe O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\Ercan\LOCALS~1\Temp\d8ild.exe O4 - HKCU\..\Run: [ptidle] "C:\Documents and Settings\Ercan\Application Data\ptidle\ptidle.exe" 61A847B5BBF728103A9831466188719AB689201522886B092CBD44BD8689220221DD3257 O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Ercan\protect.dll,_IWMPEvents@16 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'Default user') O4 - Startup: ChkDisk.lnk = ? O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222024871015 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: iifcbCUM - C:\WINDOWS\ O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Google Update Service (gupdate1c9860350374ca) (gupdate1c9860350374ca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\ O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 8805 bytes rapport de malwarebytes : Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2105 Windows 5.1.2600 Service Pack 2 11/05/2009 00:52:28 mbam-log-2009-05-11 (00-52-24).txt Type de recherche: Examen complet (C:\|D:\|E:\|) Eléments examinés: 164331 Temps écoulé: 19 minute(s), 38 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 18 Valeur(s) du Registre infectée(s): 6 Elément(s) de données du Registre infecté(s): 4 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 22 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\Documents and Settings\Ercan\protect.dll (Worm.Autorun) -> No action taken. Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> No action taken. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\AppID\BHO_CPV.DLL (Trojan.BHO) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ptidle (Trojan.Downloader) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): C:\Program Files\WWShow (Trojan.Agent) -> No action taken. Fichier(s) infecté(s): C:\Documents and Settings\Ercan\protect.dll (Worm.Autorun) -> No action taken. C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> No action taken. C:\Documents and Settings\LocalService\protect.dll (Worm.Autorun) -> No action taken. C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> No action taken. C:\Documents and Settings\Ercan\Local Settings\Temp\DFUninstall.exe (Trojan.Dropper) -> No action taken. C:\Documents and Settings\Ercan\Local Settings\Temp\Uninstall.exe (Trojan.Dropper) -> No action taken. C:\Documents and Settings\NetworkService\protect.dll (Worm.Autorun) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP234\A0037514.dll (Trojan.BHO) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP235\A0038600.dll (Trojan.Agent) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP235\A0038603.exe (Trojan.Backdoor) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP242\A0040139.exe (Trojan.Dropper) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP242\A0040197.exe (Trojan.Dropper) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP242\A0040215.exe (Trojan.Dropper) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP242\A0040216.dll (Trojan.Agent.V) -> No action taken. C:\System Volume Information\_restore{DAAF839F-E25E-46F2-8D61-F868B286F10C}\RP261\A0042558.dll (Trojan.BHO) -> No action taken. C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> No action taken. C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Worm.Autorun) -> No action taken. C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> No action taken. C:\Documents and Settings\Ercan\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken. C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken. C:\Documents and Settings\Ercan\Local Settings\Temp\sfjh3e87huid.exe (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> No action taken.