SOS rootkit

Closed
so6on - 4 Sept. 2010 at 17:58
jfkpresident Posts: 13408 Registration date: Monday 3 September 2007 Status: Security contributor Last seen: 5 January 2015 - 4 Sept. 2010 at 18:00
Hello,

I'm looking for someone to help me remove this rootkit.

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4541

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/09/2010 17:49:19
mbam-log-2010-09-04 (17-49-19).txt

Type d'examen: Examen complet (A:\|C:\|D:\|E:\|F:\|)
Elément(s) analysé(s): 243014
Temps écoulé: 1 heure(s), 2 minute(s), 37 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 15
Fichier(s) infecté(s): 91

Processus mémoire infecté(s):
C:\WINDOWS\Bnozig.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Bpoteg.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bardiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\20w6rlkx65 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nxexvtle (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nxexvtle (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anomeswrxc.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\res2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7} (Adware.BarDiscover) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome (Adware.BarDiscover) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport2\Bin\2.7.8 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\Bnozig.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bpoteg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\btfkiswtf\jhfuigashdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\anomeswrxc.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\Sun\Java\Deployment\cache\6.0\16\1a3682d0-73563d50 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Application Data\btfkiswtf\jhfuigashdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\naeormswxc.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\stkqwe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\ufijhxj.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bv9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bvy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bvz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bww.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bwx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.08053022691171974.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.09944791435891731.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.10775446391217447.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.11382966984642673.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.24231855311079775.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.3060847434824334.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.31274510061982386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.4532559218809361.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.5570980412217186.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.7754082577340717.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.7800335497163594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.8178931714613299.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\0.9198446560178128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\0.8872722543340875.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\Bnozib.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bnozic.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bnozid.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bnozie.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bnozif.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bpotea.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Bpoteb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bpotec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bpoted.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bpotee.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Bpotef.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ajtizn.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Application Data\ShoppingReport2\cs\res2\WhiteList.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover\uninstall.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome.manifest (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\install.rdf (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome\bardiscover.jar (Adware.BarDiscover) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences\prefs.js (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Documents and Settings\benji\Local Settings\Temp\Bvx.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\benji\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Thanks for your help!

1 reply

jfkpresident Posts: 13408 Registration date: Monday 3 September 2007 Status: Security contributor Last seen: 5 January 2015 1 175
4 Sept. 2010 at 18:00
Hi,

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And importantly, save it to your desktop.

Before using ComboFix:

• Disconnect from the internet and close the windows of all running programs.

• Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to complete the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

• Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

• Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.