Stubborn Virtumonde

Solved
intense33
Bisounours - 15 Jan. 2009 at 15:21
Hello,
Spybot detected Virtumonde on my PC; it removes it, but of course it comes back at every reboot.
Symantec FixVundo sees nothing, and neither does VirtumundoBeGone (even in Safe Mode).

Here is the BitDefender report:

//-----------------------------------------------------------------
//
// Produit BitDefender Free Edition v10
// Produit 10.2
//
// Créé le: 14/01/2009 13:38:03
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\WINDOWS
C:\Program Files
Dossiers : 2614
Fichiers : 100791
Processus Mémoire analysés : 0
Archives : 85
Fichiers enpaquetés : 2336
Virus trouvés : 16
Fichiers infectés : 49
Processus Mémoire infectés : 0
Fichiers suspects : 0
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 31
Fichiers déplacés : 18
Erreurs I/O : 11
Temps d'analyse :=00:12:35
Fichiers/seconde :133

Définitions virus : 2449448
Plugins d'analyse : 17
Plugins archives : 45
Plug-ins décompression : 7
Plug-ins messagerie : 6
Plug-ins système : 5

Options d'analyse

Détection
[X] Analyser le secteur de boot
[ ] Processus mémoire
[ ] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[X] Mettre en quarantaine
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[ ] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\DOCUME~1\intense\LOCALS~1\Temp\1231936683.log

Options d'analyse Spyware

[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[ ] Clés de registres
[ ] Cookies


Résumé:

C:\WINDOWS\system32\bekalite.dll Infecté: Trojan.Vundo.GAI
C:\WINDOWS\system32\bekalite.dll Effacé
C:\WINDOWS\system32\bevukeyo.dll.tmp Infecté: Trojan.Vundo.GDB
C:\WINDOWS\system32\bevukeyo.dll.tmp Effacé
C:\WINDOWS\system32\biheseya.dll.tmp Infecté: Trojan.Vundo.GGJ
C:\WINDOWS\system32\biheseya.dll.tmp Effacé
C:\WINDOWS\system32\bozikuyo.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\bozikuyo.dll.tmp Désinfection impossible
C:\WINDOWS\system32\bozikuyo.dll.tmp Déplacé
C:\WINDOWS\system32\buyaneju.dll Infecté: Trojan.Generic.1308375
C:\WINDOWS\system32\buyaneju.dll Effacé
C:\WINDOWS\system32\dahihiwi.dll Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\dahihiwi.dll Désinfection impossible
C:\WINDOWS\system32\dahihiwi.dll Déplacé
C:\WINDOWS\system32\dehokiju.dll Infecté: Trojan.Generic.1307511
C:\WINDOWS\system32\dehokiju.dll Effacé
C:\WINDOWS\system32\dileloso.dll.tmp Infecté: Gen:Trojan.Heur.13
C:\WINDOWS\system32\dileloso.dll.tmp Désinfection impossible
C:\WINDOWS\system32\dileloso.dll.tmp Déplacé
C:\WINDOWS\system32\dimisawo.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\dimisawo.dll.tmp Désinfection impossible
C:\WINDOWS\system32\dimisawo.dll.tmp Déplacé
C:\WINDOWS\system32\dodowato.dll Infecté: Trojan.Vundo.GDO
C:\WINDOWS\system32\dodowato.dll Effacé
C:\WINDOWS\system32\dudeheru.dll.tmp Infecté: Trojan.Vundo.GDK
C:\WINDOWS\system32\dudeheru.dll.tmp Effacé
C:\WINDOWS\system32\dujiyera.dll Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\dujiyera.dll Désinfection impossible
C:\WINDOWS\system32\dujiyera.dll Déplacé
C:\WINDOWS\system32\fuvoriru.dll Infecté: Trojan.Generic.1300315
C:\WINDOWS\system32\fuvoriru.dll Effacé
C:\WINDOWS\system32\gazanudu.dll.tmp Infecté: Trojan.Vundo.GEI
C:\WINDOWS\system32\gazanudu.dll.tmp Effacé
C:\WINDOWS\system32\geligehu.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\geligehu.dll.tmp Désinfection impossible
C:\WINDOWS\system32\geligehu.dll.tmp Déplacé
C:\WINDOWS\system32\gewofawu.dll Infecté: Trojan.Vundo.GEU
C:\WINDOWS\system32\gewofawu.dll Effacé
C:\WINDOWS\system32\gurabimi.dll Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\gurabimi.dll Désinfection impossible
C:\WINDOWS\system32\gurabimi.dll Déplacé
C:\WINDOWS\system32\halojoge.dll Infecté: Trojan.Generic.1301977
C:\WINDOWS\system32\halojoge.dll Effacé
C:\WINDOWS\system32\hemafovi.dll Infecté: Trojan.Vundo.GEA
C:\WINDOWS\system32\hemafovi.dll Effacé
C:\WINDOWS\system32\hozekopo.dll Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\hozekopo.dll Désinfection impossible
C:\WINDOWS\system32\hozekopo.dll Déplacé
C:\WINDOWS\system32\jawegafa.dll Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\jawegafa.dll Désinfection impossible
C:\WINDOWS\system32\jawegafa.dll Déplacé
C:\WINDOWS\system32\jetebusu.dll.tmp Infecté: Trojan.Vundo.GGJ
C:\WINDOWS\system32\jetebusu.dll.tmp Effacé
C:\WINDOWS\system32\juwefisi.dll.tmp Infecté: Trojan.Vundo.GDB
C:\WINDOWS\system32\juwefisi.dll.tmp Effacé
C:\WINDOWS\system32\kibivegi.dll.tmp Infecté: Gen:Trojan.Heur.13
C:\WINDOWS\system32\kibivegi.dll.tmp Désinfection impossible
C:\WINDOWS\system32\kibivegi.dll.tmp Déplacé
C:\WINDOWS\system32\kozodobe.dll Infecté: Trojan.Vundo.GDK
C:\WINDOWS\system32\kozodobe.dll Effacé
C:\WINDOWS\system32\luveteyo.dll Infecté: Trojan.Vundo.GGJ
C:\WINDOWS\system32\luveteyo.dll Effacé
C:\WINDOWS\system32\nuteyozo.dll Infecté: Backdoor.Generic.139842
C:\WINDOWS\system32\nuteyozo.dll Effacé
C:\WINDOWS\system32\pihuyeha.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\pihuyeha.dll.tmp Désinfection impossible
C:\WINDOWS\system32\pihuyeha.dll.tmp Déplacé
C:\WINDOWS\system32\punagazi.dll Infecté: Trojan.Generic.1308375
C:\WINDOWS\system32\punagazi.dll Effacé
C:\WINDOWS\system32\puvutabo.dll.tmp Infecté: Trojan.Vundo.GGJ
C:\WINDOWS\system32\puvutabo.dll.tmp Effacé
C:\WINDOWS\system32\resowuki.dll Infecté: Trojan.Generic.1308375
C:\WINDOWS\system32\resowuki.dll Effacé
C:\WINDOWS\system32\rimuwuka.dll.tmp Infecté: Trojan.Vundo.GEI
C:\WINDOWS\system32\rimuwuka.dll.tmp Effacé
C:\WINDOWS\system32\ruhefife.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\ruhefife.dll.tmp Désinfection impossible
C:\WINDOWS\system32\ruhefife.dll.tmp Déplacé
C:\WINDOWS\system32\senegese.dll Infecté: Trojan.Generic.1308375
C:\WINDOWS\system32\senegese.dll Effacé
C:\WINDOWS\system32\sobamehu.dll.tmp Infecté: Gen:Trojan.Heur.13
C:\WINDOWS\system32\sobamehu.dll.tmp Désinfection impossible
C:\WINDOWS\system32\sobamehu.dll.tmp Déplacé
C:\WINDOWS\system32\sudinasu.dll Infecté: Trojan.Generic.1302119
C:\WINDOWS\system32\sudinasu.dll Effacé
C:\WINDOWS\system32\tilufewa.dll.tmp Infecté: Trojan.Vundo.GEI
C:\WINDOWS\system32\tilufewa.dll.tmp Effacé
C:\WINDOWS\system32\tipezuku.dll Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\tipezuku.dll Désinfection impossible
C:\WINDOWS\system32\tipezuku.dll Déplacé
C:\WINDOWS\system32\titodopu.dll.tmp Infecté: Trojan.Vundo.GDB
C:\WINDOWS\system32\titodopu.dll.tmp Effacé
C:\WINDOWS\system32\vabazaja.dll Infecté: Trojan.Vundo.GDK
C:\WINDOWS\system32\vabazaja.dll Effacé
C:\WINDOWS\system32\viyiyini.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\viyiyini.dll.tmp Désinfection impossible
C:\WINDOWS\system32\viyiyini.dll.tmp Déplacé
C:\WINDOWS\system32\vuranune.dll Infecté: Trojan.Generic.1301977
C:\WINDOWS\system32\vuranune.dll Effacé
C:\WINDOWS\system32\wijumube.dll Infecté: Trojan.Vundo.GDK
C:\WINDOWS\system32\wijumube.dll Effacé
C:\WINDOWS\system32\wokohebu.dll Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\wokohebu.dll Désinfection impossible
C:\WINDOWS\system32\wokohebu.dll Déplacé
C:\WINDOWS\system32\wupudihi.dll Infecté: Trojan.Vundo.GDK
C:\WINDOWS\system32\wupudihi.dll Effacé
C:\WINDOWS\system32\yejimoya.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\yejimoya.dll.tmp Désinfection impossible
C:\WINDOWS\system32\yejimoya.dll.tmp Déplacé
C:\WINDOWS\system32\zejitune.dll.tmp Infecté: Gen:Trojan.Heur.22
C:\WINDOWS\system32\zejitune.dll.tmp Désinfection impossible
C:\WINDOWS\system32\zejitune.dll.tmp Déplacé
C:\WINDOWS\system32\zewobihu.dll Infecté: Trojan.Vundo.GEI
C:\WINDOWS\system32\zewobihu.dll Effacé
C:\WINDOWS\system32\zumijasa.dll Infecté: Trojan.Generic.1300315
C:\WINDOWS\system32\zumijasa.dll Effacé

Please help me ^^

4 replies

Anonymous user
Hello,

* Download Malwarebytes Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
-- at the end of the download, MBAM updates itself automatically (important)

* Once installed, close all running programs
* Open MBAM and click Scan.
* Run a Quick scan and don't touch anything during the scan

* At the end of the scan, click Show Results
then Remove Selected.

* A report will be generated; post it
intense33

Here's the report; I rebooted afterwards.

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1650
Windows 5.1.2600 Service Pack 2

14/01/2009 14:41:28
mbam-log-2009-01-14 (14-41-28).txt

Type de recherche: Examen rapide
Eléments examinés: 49535
Temps écoulé: 5 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 40

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\junetike.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fibanana.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vuyumijo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pipidesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wifariti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\umtokf.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c27e117-09f2-4b73-b6bd-c1db5308aec0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0c27e117-09f2-4b73-b6bd-c1db5308aec0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d17a0dcf-f04b-4577-af22-b5d7d37497f3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17a0dcf-f04b-4577-af22-b5d7d37497f3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d17a0dcf-f04b-4577-af22-b5d7d37497f3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c27e117-09f2-4b73-b6bd-c1db5308aec0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e08976f0 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zejuboyuve (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme3ba456c (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vuyumijo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vuyumijo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vuyumijo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pipidesa.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pipidesa.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\umtokf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gidalepu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upeladig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hatutiza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azitutah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hotiyado.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odayitoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\junetike.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ekitenuj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lajiwoti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itowijal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mebetewu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwetebem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vamitihu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhitimav.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wifariti.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pipidesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fibanana.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\intense\Local Settings\Application Data\siuag_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\intense\Local Settings\Application Data\siuag_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\intense\Local Settings\Application Data\siuag.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\intense\Local Settings\Application Data\siuag.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuyumijo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pevoholo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pudimege.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tebetiba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\teyasoge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vawevoyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hawinigi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\neduwozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nelezuga.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jezewisa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kokufara.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeniyike.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zomibole.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vupodawa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vutofudi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\befomita.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ARK10.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ARKF.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
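The MBAM report above shows where Vundo had hooked itself so that it came back after every reboot: the AppInit_DLLs value, the LSA Notification Packages list, a Run value, Browser Helper Objects, and several DLLs that were still loaded and could only be scheduled for deletion at reboot. The triage helper below is an added example, not code from the thread or from Malwarebytes: it parses lines in this report format (the sample lines are constructed from the report's format) and flags DLLs that were both still in use and named by a boot-time loader, which are the first things to re-check after the reboot; the table mapping registry locations to loaders is this example's own assumption.

```python
"""Triage helper for an MBAM 1.x text report (added example, not from the thread
or from Malwarebytes): groups registry hits by persistence location and flags DLLs
that were still loaded at scan time while a boot-time loader still named them."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the report format posted above (French section headers
# are part of that format; the parser skips them).
SAMPLE_REPORT = r"""Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vuyumijo.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c27e117-09f2-4b73-b6bd-c1db5308aec0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zejuboyuve (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vuyumijo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: system32\vuyumijo.dll -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\vuyumijo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gidalepu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

@dataclass
class Detection:
    item: str            # file path or registry path exactly as MBAM printed it
    family: str          # detection name, e.g. Trojan.Vundo.H
    action: str          # what MBAM did ("Delete on reboot" means the file was in use)
    data: Optional[str]  # for registry data items, the value MBAM found

ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^Data: (?P<data>.+?) -> (?P<action>.+)$")

# Assumed map (this example's own) from a registry location, matched as a
# case-insensitive substring, to the loader that re-activates what it names.
PERSISTENCE = [
    ("\\windows nt\\currentversion\\windows\\appinit_dlls", "AppInit_DLLs"),
    ("\\control\\lsa\\notification packages", "LSA Notification Packages"),
    ("\\currentversion\\run\\", "Run key"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\sharedtaskscheduler\\", "SharedTaskScheduler"),
    ("\\shellserviceobjectdelayload\\", "ShellServiceObjectDelayLoad"),
    ("\\clsid\\{", "COM class"),
]
# Loaders that pull a DLL in at boot/logon, before any user-mode cleaner runs.
BOOT_LOADERS = {"AppInit_DLLs", "LSA Notification Packages"}

def parse_report(text: str) -> List[Detection]:
    """One Detection per result line; section headers and statistics are skipped."""
    found = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest, data = m.group("rest"), None
        d = DATA_RE.match(rest)
        if d:
            data, rest = d.group("data"), d.group("action")
        found.append(Detection(m.group("item"), m.group("family"), rest.rstrip("."), data))
    return found

def classify(item: str) -> Optional[str]:
    """Name the persistence mechanism a registry path belongs to, or None for files."""
    low = item.lower()
    for needle, name in PERSISTENCE:
        if needle in low:
            return name
    return None

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def triage(text: str) -> Dict[str, object]:
    dets = parse_report(text)
    per_mechanism: Dict[str, int] = defaultdict(int)
    deferred, boot_loaded = set(), set()
    for d in dets:
        mech = classify(d.item)
        if mech:
            per_mechanism[mech] += 1
            if mech in BOOT_LOADERS and d.data:      # value names a DLL to load
                boot_loaded.add(basename(d.data))
        if d.action.lower().startswith("delete on reboot"):  # file was in use
            deferred.add(basename(d.item))
    # Candidates: in use at scan time AND named by a boot-time loader; verify
    # after the reboot that both the file and the registry value are gone.
    return {"detections": len(dets), "mechanisms": dict(per_mechanism),
            "deferred_files": sorted(deferred),
            "boot_loaded_dlls": sorted(boot_loaded),
            "reinfection_candidates": sorted(deferred & boot_loaded)}
```

Feed `triage()` the text of a saved mbam-log file; on the constructed sample it reports vuyumijo.dll as the one DLL that was both still loaded and registered under AppInit_DLLs and Notification Packages.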
Anonymous user

OK, open MBAM and empty the Quarantine:
--> click Quarantine and delete everything
--> if you have to restart the PC to finish the disinfection, do it

* Then post a HijackThis report; download it here:
http://www.trendsecure.com/portal/en-US/tools/Security_tools/hijackthis

* Close all running programs
--> double-click hijackthis
--> run it by clicking:
Do a scan and save a log file

* The report opens in Notepad

* Save it and post its contents, please
intense33

OK, here's the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:20, on 14/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Razer2\Diamondback\razerhid.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Razer2\Diamondback\razertra.exe
C:\Program Files\Razer2\Diamondback\razerofa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://melanthios-ana.com/zcvisitor/1624d318-3614-11eb-87b9-12a1ab6c324d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=47f83760-f118-11ea-9bc8-0ac2bbf4ada7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer2\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [agcyo] "c:\documents and settings\intense\local settings\application data\agcyo.exe" agcyo
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [zejuboyuve] Rundll32.exe "C:\WINDOWS\system32\wifariti.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: c:\windows\system32\tupabezu.dll c:\windows\system32\fatenuva.dll c:\windows\system32\sivotumo.dll c:\windows\system32\bigivofo.dll c:\windows\system32\bezayedo.dll c:\windows\system32\ c:\windows\system32\ umtokf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Bisounours

BitDefender also detected Gen:Trojan.Heur.13 on my machine.

I downloaded Malwarebytes' Anti-Malware, but it found nothing...

I posted a message here: http://www.commentcamarche.net/forum/affich 10508610 infecte par gen trojan heur 13 que faire
Can you help me?