Ordinateur infecté par un rootkit

90 fichiers infectés trouvés!
Voilà le rapport

------------------------- RAPPORT -----------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4419

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

11/08/2010 16:29:35
mbam-log-2010-08-11 (16-29-35).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 141861
Temps écoulé: 6 minute(s), 44 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 88

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\system32\Drivers\miqwwsk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\285.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\725.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\294.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\313.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\330.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\340.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\344.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\394.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\415.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\428.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\445.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\453.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\458.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\461.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\542.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\560.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\563.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\566.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\573.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\589.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\607.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\613.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\618.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\637.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\645.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\655.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\661.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\679.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\698.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\716.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\026.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\061.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\096.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\102.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\105.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\119.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\120.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\131.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\161.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\164.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\165.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\214.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\226.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\237.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\243.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\257.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\262.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\281.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\crf.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM10F1.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM14CC.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM3910.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM4EBE.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM5362.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM622D.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM8359.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TM8549.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TMA353.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TMA55A.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\~TMF377.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\779.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\784.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\800.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\801.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\810.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\826.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\829.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\830.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\869.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\871.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\884.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\892.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\917.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\922.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\928.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\930.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\938.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\951.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\957.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\968.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\994.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Denis\AppData\Local\Temp\nsy9CF6.tmp\Resource.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Windows\Temp\522bfb93.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Windows\Temp\cea98a51.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.


--------------- FIN DU RAPPORT -------------------------------------------------

Est-ce que je dois faire quelque chose d'autre?

L'examen complet n'était pas vraiment nécessaire.

Poursuis ici avec Jawaryinti : https://forums.commentcamarche.net/forum/affich-18802094-ordinateur-infecte-par-un-rootkit#12

Bonne continuation

@+

BOn alors, j'ai téléchargé ZHPDiag.
Lors de l'installation, il m'a dit qu'il ne pouvait pas le lancer : il a parlé d'une nécessaire élévation (mais je n'ai pas eu le temps de tout lire).
Il y avait quand même un lien sur le bureau : je l'ai lancé mais le diagnostique bloque systématiquement à 80%.....
Que puis-je faire?

Bien sûr!
Mais je l'ai fait plusieurs fois déjà (et quelques soit le type de recherche, il trouve le même problème). Là, j'ai une recherche complète qui est en train de tourner (ça prend deux heures à chaque fois...).

Regarde mon message précédent.
Tu peux stopper ton analyse complète mais mets à jour et relance une analyse rapide.

et la mise à jour de Malwarebyte ? (actuellement la base de données est la 4419)

Oups!!! Merci pour votre rapidité!
Je croyais avoir mis à jour hier encore et ... en fait non.

Bon, alors j'ai lu rapidement, donc j'ai mis à jour et lancé une analyse .... complète! Vaut-il mieux arrêter la complète, relancer une rapide pour savoir ce qu'il en est ou attendre que la complète se termine (deux bonnes heures)?

En tout cas, Malwarebyte's trouve beaucoup plus de fichiers infectés (déjà 4.....). Ca me rassure, bizarrement!

Autre question : j'ai sûrement été infecté par une clef USB. Pour la nettoyer, il suffit de la brancher, de ne pas l'ouvrir et de lancer un scan avec Malwarebyte's ? Dans l'hypothèse où la mise à jour résoudrait mon problème?

Tu peux stopper ton analyse complète et lancer une rapide comme je l'ai écris plus haut.

Ensuite on lancera un outil d'analyse afin de résoudre les autres infections

Je ne comptais absolument pas prendre ta place, d'ailleurs, je ne désinfecte pas encore..

J'essayais juste de limiter la casse des autres commentaires, excuses-moi.

Au plaisir ;)

Aucun problème ;-)

Je laisse Jawaryinti poursuivre.

Bonne continuation

Non, puisqu'il ne termine jamais l'analyse. Et quand je vais dans C:, je ne trouve pas de rapport...

Oui, j'ai vidé la quarantaine et j'ai Vista.

Re-bonjour,

Un ami qui s'y connaît bien est venu chez moi et a fait tout ça. Il a ensuite nettoyé le PC. Merci tout de même de votre aide précieuse.

Cordialement,