Follow-up

Closed
fred1972 Posts 12 Registration date Thursday 22 March 2007 Status Member Last activity 22 March 2007 - 22 March 2007 at 16:35
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 - 22 March 2007 at 20:13
< 2 > fred1972 (Thursday 22 March 2007 at 16:30:21)

follow-up to the isa virus...
Here is the smitfraud report:
SmitFraudFix v2.152

Rapport fait à 16:24:14,71, 22/03/2007
Executé à partir de C:\Documents and Settings\user\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\fyxkaah.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Favoris

C:\DOCUME~1\user\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b292ec9f-a074-4115-8342-1f459702d8d2}"="characterizing"

[HKEY_CLASSES_ROOT\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\system32\fyxkaah.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\system32\fyxkaah.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


HERE IS THE REPORT FROM MY BULLGUARD ANTIVIRUS AFTER THE SCAN

BullGuard Scan Report
Scan Profile: "Poste de travail"
___________________________________________________________


----[ System Info ]------------

OS Version: Microsoft Windows XP Home Edition - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory: 960 MB
System up-time: 0 days, 00 hours, 54 minutes, 27 seconds
BullGuard up-time: 0 days, 00 hours, 53 minutes, 31 seconds
TopLayer Version: 6, 1, 0, 2
FileSpy5 Version: 1.0.11 built by: WinDDK
BdFileSpy Version: N/A
FileSpy svc Version: 6, 1, 0, 5
Reconn Version: N/A
MailProxy Version: 6, 1, 0, 5
AntiVirus Version: 6, 1, 0, 12

----[ Scan Parameters ]------------

Folders to scan:
C:\
D:\

Excluded folders:
None

Files to scan:
None

Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:

[X] Exclude user extensions: lnk

[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[X] Enable heuristic detection

[ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started: Thursday, March 22, 2007 13:22:25
Scan duration: 0 days, 00 hours, 52 minutes, 42 seconds
Completion status: Successful

Total files scanned: 388247
Total files skipped: 62
Identified viruses: 5
Scan speed: 122.79 files/sec

Files skipped:

___________________________________________________________

Infected Files
___________________________________________________________

----[ Infected Files ]------------

Virus: Trojan.Downloader.Zlob.ZQT
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isadd.dll
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamini.exe
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamntr.exe

Virus: Trojan.Downloader.Zlob.ZQU
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesplugin.dll

Virus: Trojan.Downloader.Zlob.ZQV
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesuninst.exe

Virus: Trojan.Downloader.Zlob.ZQW
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmunst.exe

Virus: Trojan.Downloader.Zlob.ZQX
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmmnt.exe

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started: Thursday, March 22, 2007 13:22:25
Scan duration: 0 days, 00 hours, 52 minutes, 42 seconds
Infections solved: 0
Infections left: 7
Viruses left: 5

----[ Files Still Infected ]------------

Virus: Trojan.Downloader.Zlob.ZQT
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isadd.dll
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamini.exe
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamntr.exe

Virus: Trojan.Downloader.Zlob.ZQU
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesplugin.dll

Virus: Trojan.Downloader.Zlob.ZQV
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesuninst.exe

Virus: Trojan.Downloader.Zlob.ZQW
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmunst.exe

Virus: Trojan.Downloader.Zlob.ZQX
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmmnt.exe

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started: Thursday, March 22, 2007 14:49:56
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 0
Infections left: 7
Viruses left: 5

----[ Files Still Infected ]------------

Virus: Trojan.Downloader.Zlob.ZQT
Status: Disinfect Failed
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isadd.dll
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamini.exe
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamntr.exe

Virus: Trojan.Downloader.Zlob.ZQU
Status: Disinfect Failed
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesplugin.dll

Virus: Trojan.Downloader.Zlob.ZQV
Status: Disinfect Failed
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesuninst.exe

Virus: Trojan.Downloader.Zlob.ZQW
Status: Disinfect Failed
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmunst.exe

Virus: Trojan.Downloader.Zlob.ZQX
Status: Disinfect Failed
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmmnt.exe

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started: Thursday, March 22, 2007 14:50:08
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 7
Infections left: 0
Viruses left: 0

----[ Files Solved ]------------

Virus: Trojan.Downloader.Zlob.ZQT
Status: Moved To Quarantine
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isadd.dll
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamini.exe
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\isamntr.exe

Virus: Trojan.Downloader.Zlob.ZQU
Status: Moved To Quarantine
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesplugin.dll

Virus: Trojan.Downloader.Zlob.ZQV
Status: Moved To Quarantine
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\iesuninst.exe

Virus: Trojan.Downloader.Zlob.ZQW
Status: Moved To Quarantine
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmunst.exe

Virus: Trojan.Downloader.Zlob.ZQX
Status: Moved To Quarantine
C:\RECYCLER\S-1-5-21-3824822333-3227673675-1234450408-500\Dc1\pmmnt.exe

Please be explicit, as I am a novice.
Thank you for your help.
Regards

3 replies

Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
22 March 2007 at 18:47
Hi

stay on your original post

see you
fred1972 Posts 12 Registration date Thursday 22 March 2007 Status Member Last activity 22 March 2007
22 March 2007 at 19:07
I'm going to my main post. I scanned everything with AVG; what should I do now?
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
22 March 2007 at 20:13
Hi,

Continue with Phiale

Bye