Trojan attack
I can't get rid of two Trojans:
1 in System Volume Information: Trojan Dropper Vidro U
and 1 in windows/system32/rdsndin.exe: Trojan click 526
The archives cover these viruses, but the HijackThis configurations are not the same.
Thanks for a hand getting rid of these Trojans.
2 replies
Hi,
your Trojan is not one of the easiest to remove.
Download silentrunners here:
http://www.silentrunners.org/Silent%20Runners.vbs
Unzip it, run it and post the report.
Download this program here:
http://get.yourfile.net/rb76127.zip
Unzip it, run it and post the report.
See you.
OK, so since then my BitDefender no longer gives me any alerts; it seems everything is back in order, no more Trojans for now. I followed several leads and used a number of tools; anyway, here are the requested reports.
I have to be away for 3 days. Thanks a lot and see you Monday.
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"34763" = "MNTP.exe" [file not found]
"killall" = "Trayz.exe" [file not found]
"forces_elite" = "SYSTRAV.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" [file not found]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"WpsRePsw" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE" ["Canon Inc."]
"vspdfprsrv.exe" = "C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe" ["Visage Software"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"RoxioDragToDisc" = ""C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"" ["Roxio"]
"BDMCon" = "C:\PROGRA~1\softwin\BITDEF~2\bdmcon.exe" ["SOFTWIN S.R.L."]
"BDSwitchAgent" = "C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"init32" = "nmdllw.exe" [file not found]
"stuffmon" = "media64.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
report 2
Registry search ...
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMan REG_SZ SOUNDMAN.EXE
ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
WpsRePsw REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
vspdfprsrv.exe REG_SZ C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe
NeroCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
RoxioDragToDisc REG_SZ "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
BDMCon REG_SZ C:\PROGRA~1\softwin\BITDEF~2\bdmcon.exe
BDSwitchAgent REG_SZ C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
init32 REG_SZ nmdllw.exe
stuffmon REG_SZ media64.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
system REG_SZ csvst.exe
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
"pgtshlld"=hex:cd,36,00,00,a4,a4,9c,98,f5,fc,f1,f0,2e,ef,a0,df,14,00,00,00
"nidnsdr"=hex:65,38,00,00,42,54,7d,7e,7c,73,16,5e,1f,00,2f,13,00,00,00
"23naelch"=hex:a6,6b,00,00,9b,94,b7,a6,b2,a9,1c,15,01,d6,fb,e6,14,00,00,00
"aplnsftn"=hex:ce,1b,00,00,a9,df,91,ec,89,87,fb,e2,29,ee,a3,de,14,00,00,00
"23rtcdaol"=hex:98,1c,00,00,91,9a,5c,51,4e,b1,cf,06,1f,1b,18,fd,08,15,00,00,00
"7"=hex:e4,47,00,00,d9,da,f5,e4,f0,ef,d2,db,c7,94,b9,a4,14,00,00,00
"8"=hex:e4,47,00,00,c3,d5,f2,ff,fd,f0,97,df,9c,81,ac,13,00,00,00
"9"=hex:e4,47,00,00,c7,c5,ef,fa,e7,ed,91,88,c7,94,b9,a4,14,00,00,00
"10"=hex:3e,40,00,00,33,3c,0f,0e,2a,11,b4,bd,b9,7e,53,4e,14,00,00,00
"11"=hex:3e,40,00,00,25,3f,14,01,17,1a,69,a1,76,6b,46,13,00,00,00
"12"=hex:3e,40,00,00,39,2f,01,1c,19,17,6b,52,b9,7e,53,4e,14,00,00,00
"13"=hex:2a,27,00,00,07,10,33,22,3e,25,98,91,8d,52,47,62,14,00,00,00
"14"=hex:2a,27,00,00,09,13,38,35,3b,2e,5d,95,5a,7f,6a,13,00,00,00
"15"=hex:2a,27,00,00,0d,03,35,30,2d,2b,5f,46,8d,52,47,62,14,00,00,00
"16"=hex:77,2c,00,00,4a,47,46,71,6d,58,6f,64,70,01,0a,31,14,00,00,00
"17"=hex:77,2c,00,00,7c,46,4f,48,6e,5d,20,68,09,32,39,13,00,00,00
"18"=hex:77,2c,00,00,70,76,78,47,50,5e,22,15,70,01,0a,31,14,00,00,00
"mfamd"=hex:8b,00,00,00,7a,65,49,5c,4d,04,35,ce,25,11,00,00,00
C:\WINDOWS\System32\loadctr32.exe Present!
Checking for hclean32.exe...
not found...
Here is a HijackThis log of the current situation:
Logfile of HijackThis v1.99.1
Scan saved at 21:51:14, on 08/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\softwin\BITDEF~2\bdmcon.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\moi\Mes documents\TIEUM\viryus\logiciel\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {B95986F6-8176-D808-36EC-1193F2726DC4} - br0ken.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\system32\hclean32.exe
O4 - HKLM\..\Run: [init32] nmdllw.exe
O4 - HKLM\..\Run: [stuffmon] media64.exe
O4 - HKLM\..\Run: [dmzvs.exe] C:\WINDOWS\system32\dmzvs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [34763] MNTP.exe
O4 - HKCU\..\Run: [killall] Trayz.exe
O4 - HKCU\..\Run: [forces_elite] SYSTRAV.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37FB8A0C-C7BA-420C-A409-2E376CE6C6A2}: NameServer = 195.95.218.52,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F9C91E2-7A0F-4419-A055-67B3DA99DBD3}: NameServer = 194.117.200.10 194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2388F90-BBA2-4208-AB80-BCA3ACA970ED}: NameServer = 195.95.218.52,85.255.112.16
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
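As an added example (not part of this thread, and not one of the tools the posters used), here is a small Python triage script that scans lines of a HijackThis 1.99 log like the one above for three indicator types a practitioner would want pulled out automatically: dangling references (`(file missing)` / `(no file)`, as in the R3 URLSearchHook and O3 toolbar lines), O4 Run entries whose command is a bare executable name with no path (as in the `init32`, `stuffmon`, `killall`, `34763` and `forces_elite` entries, which the Silent Runners report also marks `[file not found]`), and O17 NameServer lists that contain resolvers outside a trusted set. The sample lines are copied from the log above; the trusted resolver set is an assumption (the `194.117.200.10` / `194.117.200.15` pair from one interface is treated as the legitimate ISP resolvers, and the other two interfaces are flagged because they point elsewhere).

```python
"""Triage of a HijackThis 1.99 log: flags dangling references, path-less Run
entries and untrusted DNS resolvers. Example code written for this page; it
parses the log text only and does not touch the registry or filesystem."""
import re

# Constructed sample: lines copied verbatim from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {B95986F6-8176-D808-36EC-1193F2726DC4} - br0ken.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\system32\hclean32.exe
O4 - HKLM\..\Run: [init32] nmdllw.exe
O4 - HKLM\..\Run: [stuffmon] media64.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [killall] Trayz.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37FB8A0C-C7BA-420C-A409-2E376CE6C6A2}: NameServer = 195.95.218.52,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F9C91E2-7A0F-4419-A055-67B3DA99DBD3}: NameServer = 194.117.200.10 194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2388F90-BBA2-4208-AB80-BCA3ACA970ED}: NameServer = 195.95.218.52,85.255.112.16
"""

# Assumption: the ISP's resolvers, taken from the one interface in the log
# whose NameServer list differs from the other two.
TRUSTED_DNS = {"194.117.200.10", "194.117.200.15"}

# O4 registry Run/RunOnce entries: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O17 per-interface DNS settings: "... \{GUID}: NameServer = a,b" or "a b"
O17_RE = re.compile(r'^O17 - .*\{(?P<iface>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.*)$')
# HijackThis markers for a hook that points at something no longer on disk
MISSING_RE = re.compile(r'\((?:file missing|no file)\)')


def program_of(cmd: str) -> str:
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log: str, trusted_dns) -> list:
    """Return (category, line) pairs for every line worth a human's attention."""
    trusted = set(trusted_dns)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MISSING_RE.search(line):
            findings.append(("dangling-reference", line))
        m = O4_RE.match(line)
        if m:
            # A bare name is resolved through the PATH search order at logon,
            # so the log alone cannot say which file, if any, actually runs.
            if "\\" not in program_of(m.group("cmd")):
                findings.append(("bare-run-entry", line))
            continue
        m = O17_RE.match(line)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            if any(s not in trusted for s in servers):
                findings.append(("untrusted-nameserver", line))
    return findings


def counts(findings) -> dict:
    """Tally findings per category for a quick summary."""
    tally = {}
    for category, _ in findings:
        tally[category] = tally.get(category, 0) + 1
    return tally


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG, TRUSTED_DNS):
        print(f"{category:22} {line}")
    print(counts(triage(SAMPLE_LOG, TRUSTED_DNS)))
```

The hits are review items, not verdicts: the `SoundMan` entry matches the bare-name pattern just like `init32` and `stuffmon`, and the script cannot tell a driver vendor's sloppy installer from a dropper without checking the disk. The O17 check is the one to act on first, because a NameServer list that differs between interfaces of the same machine, and points outside the ISP's range, redirects every name lookup the box makes regardless of what else gets cleaned.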