IP address 213.146.05.46 is listed in the CBL

s2oO Posts 32 Status Member -
Hello,
When I connected to a site, I received a link: http://cbl.abuseat.org/lookup.cgi?ip=213.146.05.46

I removed my IP from their list, I ran a scan and found a (Trojan horse and other viruses), and I deleted everything, but when I reconnect to the site the problem comes back and I am back to square one. If someone cool could help me, or at least explain what happened to me, OK, thanks.

IP address 213.140.59.46 is listed in the CBL. It appears to be infected with a spam-sending trojan or proxy.

It was last detected at 01/07/2011 13:00 GMT (+/- 30 minutes), approximately 3 hours ago.

It has been relisted following a previous removal at 29/06/2011 17:43 GMT (1 day, 22 hours, 17 minutes)

This IP address is infected with (or NATting for a computer that is infected with) the maazben spambot.

8 replies

  1. s2oO Posts 32 Status Member 1
     
    Hi, thanks for replying. Yes, I only have one computer.
    0
  2. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Please make an effort and write properly.

    Do this:
    Download and install Malwarebyte: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    Update it, run a quick scan, delete everything and post the report here.
    !!! Malwarebyte must be up to date before running the scan !!!

    STEP 3:

    You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

    * Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
    (On Vista/Win7, right-click OTL and choose Run as administrator)

    * Launch OTL
    * Under Personnalisation, copy and paste what is in the box below:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    CREATERESTOREPOINT
    nslookup www.google.fr /c
    SAVEMBR:0
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

    * Click the Analyse button.
    * When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the reports.
    Then post the pjjoint link here so that they can be reviewed.

    0
  3. s2oO
     
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Version de la base de données: 7004

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    02/07/2011 17:23:20
    mbam-log-2011-07-02 (17-23-20).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 200082
    Temps écoulé: 14 minute(s), 18 seconde(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 12
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 15

    Processus mémoire infecté(s):
    c:\documents and settings\all users\application data\questscan\questscan129.exe (Adware.Agent.Gen) -> 1780 -> Unloaded process successfully.
    c:\program files\questscan\questscan.exe (Adware.Agent.Gen) -> 584 -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    c:\program files\questscan\questscan.dll (Adware.Agent.Gen) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan (Adware.QuestScan) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwwinxp.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSConfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regdiit (Backdoor.PoisonIvy) -> Value: regdiit -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\documents and settings\all users\application data\questscan\questscan129.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\program files\questscan\questscan.dll (Adware.Agent.Gen) -> Delete on reboot.
    c:\program files\questscan\questscan.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\wa2x\mes documents\downloads\Programs\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\wa2x\mes documents\downloads\Programs\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\WAAX G T\local settings\temporary internet files\Content.IE5\W1E7CLMZ\images[1].jpg (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\clickpotatolite\bin\10.0.682.0\clickpotatolitesaax.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\clickpotatolite\bin\10.0.682.0\clickpotatolitesabho.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\clickpotatolite\bin\10.0.682.0\clickpotatoliteuninstaller.exe.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\clickpotatolite\bin\10.0.682.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\shoppingreport2\uninst.exe.vir (Adware.ShoppingReports2) -> Quarantined and deleted successfully.
    c:\program files\ad-remover\quarantine\C\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll.vir (Adware.SmartShopper) -> Quarantined and deleted successfully.
    c:\program files\questscan\uninstall.exe (Adware.QuestScan) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wirelessnetview.exe (PUP.WirelessNetworkTool) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\winxp.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
    _______________________________________________________________
    http://pjjoint.malekal.com/files.php?id=7c11a8a9171296
    0
    1. s2oO
       
      Hi ^^ and I get this message when I log in to my session.
      windows script host
      impossible de treuver le fichier script "C:\WINDOWS\system32\imwin.jpg"
      0
  5. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    You did not run a scan with the custom script.
    0
    1. s2oO
       
      Yes I did, I used your script in OTL.
      0
    2. s2oO
       
      I ran the scan again and compared OTL.text, and they are identical.
      0
  6. s2oO Posts 32 Status Member 1
     
    Sorry for my absence, my PC crashed: the motherboard burned out. As for the Kaspersky scan, I could not do it because I am connected with a 3G dongle, what a hassle. My PC is completely infected, I even think I am being hacked, so I want to format it, but I have already done that, I deleted the partitions etc., and the problem remains, same as the story with the infected IP. So thank you for helping me, I really need help, please, I am waiting for your reply.
    0
  7. s2oO Posts 32 Status Member 1
     
    It's urgent now, I don't know what to do anymore!
    0