Infecté par des virus ou trojan je ne sais pa Fermé

Question

Bonjour a vous les calé de l'informatique,

Depuis peu mon anti virus détecte assez souvent des virus ou troyen.. avec beaucoup de mal j'ai réussi il me semblait a m'en dépêtré mais je ne pense pas que la menace soit totalement éradiqué.

A explorant le forum afin d'avacancer le travail J'ai pu voir que vous fonctionné beaucoup avec HijackThis J'ai donc fait un scan en voici le rapport.

Je suis prête et disponible a recevoir toutes aides pouvant m'aider.

Merci d'avoir pris quelque minute pour avoir lu ce post et je l'espère recevoir un peu d'aide.

@ bientôt 

Logfile of HijackThis v1.99.1
Scan saved at 11:08:58, on 07/11/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32undll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\services.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\TEMP\winBC76.tmp
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1
ou\LOCALS~1\Temp\Rar$EX00.907\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = LanguedocWarez Rien que pour le plaisir!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\loader8108921.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32pcc.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

Aurelieeee · Answer

Je join un rapport d'ewido ainsi qu'un scan avec Bit defendre Online fin de complété un eventuel manque d'information.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:	14:38:32 07/11/2006

 + Scan result:	



C:\mjbvlado.exe -> Backdoor.Pakes : No action taken.
C:\Documents and Settings
ou\Local Settings\Temp\2.dlb -> Downloader.Tibs.gc : No action taken.
C:\Documents and Settings
ou\Local Settings\Temp\6.dlb -> Downloader.Tibs.gc : No action taken.
C:\Documents and Settings
ou\Local Settings\Temp\7.dlb -> Downloader.Tibs.gc : No action taken.
C:\Documents and Settings
ou\Local Settings\Temp\Temporary Internet Files\Content.IE5\WD2FKPUR\loader[1].exe -> Downloader.Tiny.bm : No action taken.
[1184] C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll -> Proxy.Xorpix.at : No action taken.
C:\Documents and Settings
ou\Cookies
ou@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings
ou\Cookies
ou@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings
ou\Cookies
ou@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings
ou\Cookies
ou@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings
ou\Cookies
ou@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings
ou\Cookies
ou@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings
ou\Cookies
ou@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings
ou\Cookies
ou@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings
ou\Cookies
ou@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings
ou\Cookies
ou@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings
ou\Cookies
ou@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings
ou\Cookies
ou@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\WINDOWS\system32\msasvc.exe -> Trojan.Sinowal.bh : No action taken.
[964] C:\WINDOWS\System32\msasvc.exe -> Trojan.Sinowal.bh : No action taken.


::Report end

______________________________________________________

BitDefender Online Scanner
  
  
 
Scan report generated at: Tue, Nov 07, 2006 - 12:50:18
 
 
  
  
 
Scan path: A:\;C:\;D:\;E:\;
  
  
 
 
  
  
 
Statistics
 
Time
 01:13:47
 
Files
 131743
 
Folders
 2871
 
Boot Sectors
 2
 
Archives
 2302
 
Packed Files
 8794
 
  
  
 
Results
 
Identified Viruses 
 4
 
Infected Files 
 5
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 5
 
   
 
Engines Info
 
Virus Definitions
 312708
 
Engine build
 AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
 
Scan plugins
 13
 
Archive plugins
 38
 
Unpack plugins
 6
 
E-mail plugins
 6
 
System plugins
 1
 

Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
   
  Scanned File
  Status
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP18\A0002648.exe=>(NSIS o)=>zlib_nsis0002
 Infected with: Trojan.Dropper.VB
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP18\A0002648.exe=>(NSIS o)=>zlib_nsis0002
 Disinfection failed
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP18\A0002648.exe=>(NSIS o)=>zlib_nsis0002
 Deleted
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP18\A0002648.exe=>(NSIS o)
 Update failed
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP86\A0022921.exe
 Infected with: Trojan.Downloader.Small.CPT
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP86\A0022921.exe
 Deleted
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP86\A0022991.dll
 Infected with: Generic.Malware.SMdldg.D37C9328
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP86\A0022991.dll
 Disinfection failed
 
C:\System Volume Information\_restore{EE5C1D49-E816-48D3-9EEF-82DEDEB6497C}\RP86\A0022991.dll
 Deleted
 
C:\WINDOWS\msagent\agentsvr.exe
 Infected with: Win32.Mixor.A@mm
 
C:\WINDOWS\msagent\agentsvr.exe
 Disinfection failed
 
C:\WINDOWS\msagent\agentsvr.exe
 Deleted
 
C:\WINDOWS\system32\dllcache\agentsvr.exe
 Infected with: Win32.Mixor.A@mm
 
C:\WINDOWS\system32\dllcache\agentsvr.exe
 Disinfection failed
 
C:\WINDOWS\system32\dllcache\agentsvr.exe
 Deleted
 
  
voila voila :/
UNe question aussi, les fichiers placé en quarentaire par ewido doivent-ils etre suprimé ?

Infecté par des virus ou trojan je ne sais pa

1 réponse

Discussions similaires