Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

virus Win32:VBStat-C

kalipette

Par kalipette
dans Analyses et éradication malwares

 Partager

Messages recommandés

kalipette Junior Member

kalipette

Posté(e)
Posté(e)

rapport de clean Option 1:

 

 

*** Recherche de fichiers sur C:

C:\my.exe FOUND

C:\StubInstaller.exe FOUND

 

*** Recherche des fichiers dans C:\WINDOWS\

 

*** Recherche des fichiers dans C:\WINDOWS\system32

 

"C:\Program Files\serial.zip" FOUND

"C:\Program Files\serial.dat" FOUND

"C:\Program Files\serial.zip" FOUND

"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND

*** Fin du rapport !

 

 

 

rapport HiJackThis

 

 

Scan started at 01:24:22 07/04/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\hgggebc.dll

C:\WINDOWS\system32\jkkhfcc.dll

C:\WINDOWS\system32\kvfxiqdb.dll

C:\WINDOWS\system32\llnmp.bak1

C:\WINDOWS\system32\llnmp.bak2

C:\WINDOWS\system32\llnmp.ini

C:\WINDOWS\system32\pbgxjwnx.dll

C:\WINDOWS\system32\pmnll.dll

C:\WINDOWS\system32\pmnmmnn.dll

C:\WINDOWS\system32\qomkljj.dll

C:\WINDOWS\system32\rqrpmjk.dll

C:\WINDOWS\system32\urqropq.dll

C:\WINDOWS\system32\vtutstt.dll

C:\WINDOWS\system32\vtuutur.dll

C:\WINDOWS\system32\xnwjxgbp.ini

C:\WINDOWS\system32\xxyxutr.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\hgggebc.dll

C:\WINDOWS\system32\hgggebc.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jkkhfcc.dll

C:\WINDOWS\system32\jkkhfcc.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\kvfxiqdb.dll

C:\WINDOWS\system32\kvfxiqdb.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llnmp.bak1

C:\WINDOWS\system32\llnmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llnmp.bak2

C:\WINDOWS\system32\llnmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llnmp.ini

C:\WINDOWS\system32\llnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pbgxjwnx.dll

C:\WINDOWS\system32\pbgxjwnx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnll.dll

C:\WINDOWS\system32\pmnll.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\pmnmmnn.dll

C:\WINDOWS\system32\pmnmmnn.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qomkljj.dll

C:\WINDOWS\system32\qomkljj.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqrpmjk.dll

C:\WINDOWS\system32\rqrpmjk.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\urqropq.dll

C:\WINDOWS\system32\urqropq.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\vtutstt.dll

C:\WINDOWS\system32\vtutstt.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtuutur.dll

C:\WINDOWS\system32\vtuutur.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xnwjxgbp.ini

C:\WINDOWS\system32\xnwjxgbp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xxyxutr.dll

C:\WINDOWS\system32\xxyxutr.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\pmnll.dll

C:\WINDOWS\system32\pmnll.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\urqropq.dll

C:\WINDOWS\system32\urqropq.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

et le nouveau rapport de HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 01:37:41, on 07/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Java\jre1.5.0\bin\jucheck.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\MSI\Common\RaUI.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\pascal\Bureau\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {18A42CA8-A729-4C9C-BC77-096B1B6D761f} - C:\WINDOWS\system32\flhvpwfl.dll

O2 - BHO: (no name) - {49E340F0-1867-4636-AC5A-ABA8B54C1F50} - C:\WINDOWS\system32\pmnll.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINDOWS\system32106.exe

O4 - HKLM\..\Run: [0123456789012345678901234567890123456789012345678901234567890123456789012345678

90123456789012345678901234567890123456789012345678901234567890123456789012345678

90123456789012345678901234567890123456789012345678901234567890123456789012345678

9012345678912345678] C:\Program Files\user32.exe

O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\system32\pbgxjwnx.dll",setvm

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.antivirus-france.com/kav...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167179147687

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{353FDE7E-B632-4084-A800-683BFD41D4AF}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204

O17 - HKLM\System\CS1\Services\Tcpip\..\{353FDE7E-B632-4084-A800-683BFD41D4AF}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CS2\Services\Tcpip\..\{353FDE7E-B632-4084-A800-683BFD41D4AF}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CS3\Services\Tcpip\..\{353FDE7E-B632-4084-A800-683BFD41D4AF}: NameServer = 80.10.246.2,80.10.246.129

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 11553 bytes

 

venez à mon secour pour le virer merci...

Lien vers le commentaire
Partager sur d’autres sites

Invité
Ce sujet ne peut plus recevoir de nouvelles réponses.
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...