trojan infesté disque dur externe (USB) et disque dur

[pear]

Bonsoir,

 

Branchez tous vos périphèriques.

 

Cela peut être long!

Scan en ligne

NOTE: Le scan en ligne sera à faire avec Internet Explorer.

Désactiver l'antivirus actuel

Kaspersky

b]Sous Vista,il faut désactiver l'UAC, et cliquer droit sur Internet Explorer / Exécuter en tant qu'administrateur et coller l'URL de Kaspersky[/b]

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Vider la corbeille.

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisir bureau et nommer le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème

Cybersécurité

 

[furiani34]

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, December 7, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, December 07, 2008 09:20:51

Records in database: 1441946

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

 

Scan statistics:

Files scanned: 317210

Threat name: 7

Infected objects: 13

Suspicious objects: 0

Duration of the scan: 03:09:47

 

 

File name / Threat name / Threats count

C:\Program Files\ESET\infected\0Y14PHAA.NQF Infected: Trojan.Win32.Agent.amqg 1

C:\Program Files\ESET\infected\4LXZE5BA.NQF Infected: Worm.Win32.AutoRun.sbr 1

C:\Program Files\ESET\infected\ROM2SHCA.NQF Infected: Worm.Win32.AutoRun.sbr 1

C:\RECYCLER\S-1-5-21-776561741-1078145449-682003330-500\Dc22.7\Crack\all2mp3.exe Infected: Packed.Win32.Krap.b 1

C:\WINDOWS\i386\CMDOW.EX_ Infected: not-a-virus:RiskTool.Win32.HideWindows 1

G:\sauvegarde tera 14\LOGICIELS\Hacking\Spector Pro v6.0 Build 1223 & serial.rar Infected: not-a-virus:Monitor.Win32.SpectorPro.d 1

G:\sauvegarde tera 14\LOGICIELS\Internet\cute ftp 4032\cuteFR4032.exe Infected: not-a-virus:AdWare.Win32.TimeSink 4

G:\sauvegarde tera 14\LOGICIELS\MSN\MessenPass(www.MsnTrucAstuce.fr).zip Infected: not-a-virus:PSWTool.Win32.Messen.104 1

G:\sauvegarde tera 14\LOGICIELS\Scanner\windows\ULTIMATE EDITION V7.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1

G:\sauvegarde tera 14\LOGICIELS\windows\ULTIMATE EDITION V7.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1

 

The selected area was scanned.

[pear]

Bonjour,

 

Videz la corbeille,la quarantaine de Eset.

Télécharger sur le bureauOTMoveIt3 by OldTimer .

Double-clic sur OTMoveIt3.exe pour le lancer.

Sous Vista,Clic droit sur le fichier ->Choisir Exécuter en tant qu' Administrateur

Vérifier que Unregister Dll's and Ocx's soit coché.

* Copiez /Collez les lignes ci dessous):

 

:Processes

explorer.exe

:Services

 

:Files

 

C:\WINDOWS\i386\CMDOW.EX_ Infected

G:\sauvegarde tera 14\LOGICIELS\Hacking\Spector Pro v6.0 Build 1223 & serial.rar

G:\sauvegarde tera 14\LOGICIELS\Internet\cute ftp 4032\cuteFR4032.exe

G:\sauvegarde tera 14\LOGICIELS\Scanner\windows\ULTIMATE EDITION V7.iso

G:\sauvegarde tera 14\LOGICIELS\windows\ULTIMATE EDITION V7.iso

 

:Reg

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Revenez dans OTMoveIt3,

Clic droit sur la fenêtre "Paste Instructions for Items to be Moved" sous la barre jaune et choisir Coller(Paste).

* Click le bouton rouge Moveit!

* Fermez OTMoveIt3

Votre Pc va redémarrer.

Rendez vous dans le dossier C:\_OTMoveIt\MovedFiles ,

ouvrez le dernier fichier .log

Copiez/collez en le contenu dans votre prochaine réponse

 

 

Poisrez un npuvel Hijackthis , svp

[furiani34]

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== FILES ==========

File/Folder C:\WINDOWS\i386\CMDOW.EX_ Infected not found.

G:\sauvegarde tera 14\LOGICIELS\Hacking\Spector Pro v6.0 Build 1223 & serial.rar moved successfully.

G:\sauvegarde tera 14\LOGICIELS\Internet\cute ftp 4032\cuteFR4032.exe moved successfully.

G:\sauvegarde tera 14\LOGICIELS\Scanner\windows\ULTIMATE EDITION V7.iso moved successfully.

G:\sauvegarde tera 14\LOGICIELS\windows\ULTIMATE EDITION V7.iso moved successfully.

========== REGISTRY ==========

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_9eGKQ1A4mYJtESjBO43i scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fla1075.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_e08.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_f14.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF11EB.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C1D.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C58.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7959.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7969.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9BF2.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9C02.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD0A.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD6C.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_438.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_185707

 

Files moved on Reboot...

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_9eGKQ1A4mYJtESjBO43i not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fla1075.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_e08.dat not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_f14.dat not found!

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF11EB.tmp moved successfully.

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C1D.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C58.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7959.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7969.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9BF2.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9C02.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD0A.tmp not found!

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD6C.tmp not found!

File C:\WINDOWS\temp\Perflib_Perfdata_438.dat not found!

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\XUL.mfl moved successfully.

[pear]

Ok.

 

Toujours des ennuis ?

[furiani34]

désolé j,ai mis un peu de temps à vous répondre.

c bon jai nettoyé vérifier etc... tout à l'air niquel

bon quand nettoye la mbr jai été oblige de formater le disque mais sinon tout va bien encore merci pour l'aide apportée