Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Virus ?

Koffie

Par Koffie
dans Analyses et éradication malwares

 Partager

Messages recommandés

Koffie Junior Member

Koffie

Posté(e)
Posté(e)

Bonjour j'ai un problème avec mon pc, je penses a un virus mais pour na pas m'avancer je post mon rapport HijeckThis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:23:01, on 29/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\MACTAI~1\LOCALS~1\Temp\c.exe

C:\WINDOWS\msa.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\DOCUME~1\MACTAI~1\LOCALS~1\Temp\tzy6jb6kr.exe

C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\reader_s.exe

C:\DOCUME~1\MACTAI~1\LOCALS~1\Temp\n41k40nl.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

O2 - BHO: C:\WINDOWS\system32\m9z5gkahi0.dll - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\m9z5gkahi0.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)

O4 - HKLM\..\Run: [Calc32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\MACTAI~1\LOCALS~1\Temp\n41k40nl.exe

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Mactail60\reader_s.exe

O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: FSL Launcher.lnk = C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe

O8 - Extra context menu item: Download All by FlashGet3 - C:\Documents and Settings\Mactail60\Application Data\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Mactail60\Application Data\FlashGetBHO\GetUrl.htm

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O22 - SharedTaskScheduler: ujhsf879fiosdfhgs98fudifmnddfdfd - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\m9z5gkahi0.dll

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

 

--

End of file - 6633 bytes

 

 

Voila j'ai plusieurs zone rouge et impossible a supprimer...

Merci de votre aide.

Koffie.

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Bonjour,

 

Ouille! Infecté jusqu'à la moëlle.

 

1) Télécharger ATF Cleaner par Atribune.

  • Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)
     
    Double-clique ATF-Cleaner.exe afin de lancer le programme.
    --> Sous Vista/Seven: Clic droit/exécuter en temps qu'administrateur.
     
    Sous l'onglet Main, choisis : Select All
    Cliquer sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

  • Clique Firefox au haut et choisis : Select All
    Cliquer le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

  • Clique Opera au haut et choisis : Select All
    Cliquer le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

--------

2) Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Ce logiciel est à garder.

 

Uniquement en cas de problème de mise à jour:

 

Télécharger mises à jour MBAM

 

Exécute le fichier après l'installation de MBAM

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

  • Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen complet"
  • Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Si MBAM demande à redémarrer le pc, fais-le.

 

!!! Ne pas vider la quarantaine de MBAM sans avis !!! (en cas de faux-positifs toujours possibles.)

 

Poste également un nouveau log Hijackthis stp.

 

@++

Koffie Junior Member

Koffie

Posté(e)
  • Auteur
Posté(e)

Alors le rapport MBAM :

 

Malwarebytes' Anti-Malware 1.42

Version de la base de données: 3449

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

29/12/2009 16:30:01

mbam-log-2009-12-29 (16-30-01).txt

 

Type de recherche: Examen complet (C:\|H:\|)

Eléments examinés: 254050

Temps écoulé: 1 hour(s), 29 minute(s), 47 second(s)

 

Processus mémoire infecté(s): 5

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 22

Valeur(s) du Registre infectée(s): 12

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 71

 

Processus mémoire infecté(s):

C:\Documents and Settings\Mactail60\Local Settings\Temp\tzy6jb6kr.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\n41k40nl.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\c.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\notepad.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\m9z5gkahi0.dll (Trojan.Downloader) -> Delete on reboot.

c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{a5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Downloader) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fffc57db-1de3-4303-b24d-cee6dcdd3d86} (Adware.MyCentria) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{fffc57db-1de3-4303-b24d-cee6dcdd3d86} (Adware.MyCentria) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{805db24c-e271-9190-b403-ce326bd33162} (Adware.BHO.AR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ygua8e7yhuiesfha876yfauy8fe (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j8rpltrobq (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\m9z5gkahi0.dll (Trojan.Zlob.H) -> Delete on reboot.

C:\Documents and Settings\Mactail60\Local Settings\Application Data\dadax_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Application Data\dadax_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Application Data\dadax.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\notepad.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Mactail60\Local Settings\Temp\tzy6jb6kr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\n41k40nl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\c.exe (Trojan.Downloader) -> Delete on reboot.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\temp\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\qwghr.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\t22s264fz.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vzfbt.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\g14uqp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gtxnta7ss.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\NzNXzxv-LGiDJ2.dll (Adware.BHO.AR) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ja6zi45c2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jgmojuzg3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ye7f9t.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hxjgcs.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\i2h7mis5o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lx4m0j.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fiu8oz8ku7.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\ktski.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\Web\Wallpaper\Wallpaper23.jpg (Backdoor.Core) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-2467126251-0698277724-314666923-8075\wnzip32.exe (Worm.Autorun.B) -> Delete on reboot.

C:\Documents and Settings\Mactail60\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\ume9t4m.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\v18ltm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\vgr8mmir.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\gskyc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\i.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\qubndt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\rnvghtfy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\rvp94i1h.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\ji6uxnt4xz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\l9q6g.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\vyd99.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\xiyfo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\yfsuc4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\yyz6zubsce.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\z4wz3r.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\ou3rh1og.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\oxz01.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\ozh0asuqbq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\cxjvdsz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\t3zz7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Local Settings\Temp\IXP001.TMP\dmc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Menu Démarrer\Programmes\Démarrage\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Menu Démarrer\Programmes\Démarrage\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\net.net (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vhosts.exe (Rootkit.Agent) -> Delete on reboot.

C:\Documents and Settings\Mactail60\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Mactail60\Local Settings\Temp]®6-pOæ] (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mactail60\Application Data\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\ntldrs (Pwned.Zbot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Mactail60\Local Settings\Temp\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

Et le nouveau log hijackthis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:36:37, on 29/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe

C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)

O4 - HKLM\..\Run: [Calc32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\MACTAI~1\ntload.dll,_IWMPEvents@0

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: FSL Launcher.lnk = C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe

O8 - Extra context menu item: Download All by FlashGet3 - C:\Documents and Settings\Mactail60\Application Data\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Mactail60\Application Data\FlashGetBHO\GetUrl.htm

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

 

--

End of file - 5425 bytes

 

Merci.

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Installe un antivirus et fais une analyse complète.

 

Antivir est un antivirus gratuit, efficace et léger, maintenant en français, dont les mises à jour sont quotidiennes et les nouvelles menaces sont rapidement intégrées dans sa base virale. (D'où la meilleure protection).

 

 

 

PS: Quand un fichier infecté est détecté par Antivir, une fenêtre semblable à celle-ci s'ouvre:

 

Avira-Francais-037.jpg

 

Antivir te demande ce qu'il doit faire du fichier infecté.

Choisis Déplacer en quarantaine puis clique sur OK.

 

Tu peux automatiser ce type d'action en cochant une case), comme ci dessous :

 

img-221315ynxxt.jpg

Cela permet de ne pas rester à la surveiller.:P

 

Mets-le à jour puis lance une analyse complète.

Poste le rapport obtenu stp.

 

@++

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...