Desinfection Mabezat
Gaston1975
Messages postés
1
Statut
Membre
-
jfkpresident Messages postés 13877 Statut Contributeur sécurité -
jfkpresident Messages postés 13877 Statut Contributeur sécurité -
Bonjour,
ci joint le rapport generer apres la scan par HiJackThis
que dois je faire SVP ???
ce pc est tres important dans la sté ou je travaille
N.B : J'ai essayé d'executer le patch que tu as sugrerer dans ton sujet mais il ne s'execute pas sur le PC infecté
Merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:58, on 13/01/2011
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\Lectra\IManager\bin\fontserver.exe
C:\Program Files\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe
C:\PROGRA~1\Lectra\IManager\bin\lpdaemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\MGE\RunSC.exe
C:\PROGRA~1\LECTRA~1\MODASE~1.2C4\modaserv.exe
C:\WINDOWS\system32\MGE\PCtl.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Lectra\IManager\bin\osidaemon.exe
C:\WINDOWS\system32\MGE\BIL.EXE
C:\WINDOWS\system32\MGE\CILRS232.EXE
C:\WINDOWS\system32\MGE\CILUSB.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Lectra\ButtonBox\bin\microclavier.exe
C:\Program Files\Lectra\Digitizer\bin\digitizer.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\mmc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Lectra\IManager\bin\calljava.exe
C:\Program Files\Lectra\AlysPilot\JustPrint\jre\bin\javaw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lectra.com/?LNG=FR
O1 - Hosts: 192.9.200.35 Columbia
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [mxsioz] C:\Documents and Settings\Administrator\mxsioz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: ButtonBox.lnk = ?
O4 - Global Startup: Digitizer.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\PROGRA~1\Lectra\IManager\bin\fontserver.exe
O23 - Service: GhostStartService - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LicenseServ - Unknown owner - C:\Program Files\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\PROGRA~1\Lectra\IManager\bin\lpdaemon.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe
O23 - Service: Modaservice - Unknown owner - C:\PROGRA~1\LECTRA~1\MODASE~1.2C4\modaserv.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)
O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe
O23 - Service: Lectra XChangCutOut Service (XCDaemon) - Unknown owner - C:\Program Files\Lectra\XChangCutOut\bin\xcdaemon.exe
End of file - 7809 bytes
ci joint le rapport generer apres la scan par HiJackThis
que dois je faire SVP ???
ce pc est tres important dans la sté ou je travaille
N.B : J'ai essayé d'executer le patch que tu as sugrerer dans ton sujet mais il ne s'execute pas sur le PC infecté
Merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:58, on 13/01/2011
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\Lectra\IManager\bin\fontserver.exe
C:\Program Files\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe
C:\PROGRA~1\Lectra\IManager\bin\lpdaemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\MGE\RunSC.exe
C:\PROGRA~1\LECTRA~1\MODASE~1.2C4\modaserv.exe
C:\WINDOWS\system32\MGE\PCtl.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Lectra\IManager\bin\osidaemon.exe
C:\WINDOWS\system32\MGE\BIL.EXE
C:\WINDOWS\system32\MGE\CILRS232.EXE
C:\WINDOWS\system32\MGE\CILUSB.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Lectra\ButtonBox\bin\microclavier.exe
C:\Program Files\Lectra\Digitizer\bin\digitizer.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\mmc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Lectra\IManager\bin\calljava.exe
C:\Program Files\Lectra\AlysPilot\JustPrint\jre\bin\javaw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lectra.com/?LNG=FR
O1 - Hosts: 192.9.200.35 Columbia
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [mxsioz] C:\Documents and Settings\Administrator\mxsioz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: ButtonBox.lnk = ?
O4 - Global Startup: Digitizer.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\PROGRA~1\Lectra\IManager\bin\fontserver.exe
O23 - Service: GhostStartService - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LicenseServ - Unknown owner - C:\Program Files\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\PROGRA~1\Lectra\IManager\bin\lpdaemon.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe
O23 - Service: Modaservice - Unknown owner - C:\PROGRA~1\LECTRA~1\MODASE~1.2C4\modaserv.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)
O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe
O23 - Service: Lectra XChangCutOut Service (XCDaemon) - Unknown owner - C:\Program Files\Lectra\XChangCutOut\bin\xcdaemon.exe
End of file - 7809 bytes
A voir également:
- Desinfection Mabezat
- Désinfection du linge - Guide
- Demande de désinfection SVP !!! - Forum Virus
- Prévention et désinfection ✓ - Forum Virus
- Aide pour désinfection pc ✓ - Forum Virus
- [XP] Desinfection smitfraud ✓ - Forum Virus
2 réponses
Salut,
Ton infection est pas simple à éradiquer.
N'insère pas de clef USB etc avant que la désinfection soit terminée.
Passe un coup de Dr. Web CureIT : https://free.drweb.com/cureit/
Poste le rapport ici.
Remember when you were young, you shone like the sun.
Shine on you crazy diamond.
Now there's a look in your eyes, like black holes in the sky.
Shine on you crazy diamond.
Ton infection est pas simple à éradiquer.
N'insère pas de clef USB etc avant que la désinfection soit terminée.
Passe un coup de Dr. Web CureIT : https://free.drweb.com/cureit/
Poste le rapport ici.
Remember when you were young, you shone like the sun.
Shine on you crazy diamond.
Now there's a look in your eyes, like black holes in the sky.
Shine on you crazy diamond.
