[virus rootkit downloader] connection problems

jimiii, 31 posts, Member -
Lyonnais92, 25708 posts, Security contributor -
hey greenday, here is the AVG report

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:59:36 19/06/2007

+ Résultat de l'analyse:

[3324] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
[3732] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
[556] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Ignoré.
HKU\S-1-5-21-1409082233-308236825-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045733.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045746.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045747.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045748.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP119\A0046737.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048728.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048729.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048730.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048731.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048732.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048735.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048736.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048737.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048738.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048739.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048740.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048741.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048746.dll -> Adware.Virtumonde : Ignoré.
C:\documents.exe -> Adware.Virtumonde : Ignoré.
C:\my.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0055126.sys -> Downloader.Agent.acl : Ignoré.
C:\QooBox\Quarantine\catchme2007-06-19_223105.70.zip/al64.dll -> Downloader.Agent.bga : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061184.dll -> Downloader.Agent.bga : Ignoré.
C:\QooBox\Quarantine\C\WINDOWS\system32\cryptsa.dll.vir -> Downloader.Agent.btd : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061183.dll -> Downloader.Agent.btd : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP141\A0051999.exe -> Downloader.Alphabet : Ignoré.
C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir -> Downloader.Alphabet.b : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061182.exe -> Downloader.Alphabet.b : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP141\A0051998.exe -> Downloader.Small.ddy : Ignoré.
C:\16.tmp -> Proxy.Xorpix.ar : Ignoré.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\partnership.dll.vir -> Proxy.Xorpix.ar : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP138\A0048904.exe -> Trojan.Agent.aom : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061168.dll -> Trojan.Agent.j : Ignoré.

Fin du rapport

I'm moving on to BitDefender. Thanks, and maybe see you later. Jim
2 replies

Lyonnais92, 25708 posts, Security contributor

Good evening,

1) Stay in your own thread, it will be easier for green Day to find you (hi Green).

2) (To save time) "Ignoré" (ignored). The AVG scan was useless. Configure it as advised so that the infected files are put in quarantine.
Good luck with the rest.
jimiii, 31 posts, Member

Hello Lyonnais,

I had to go to bed last night. Here is the latest BitDefender scan and the HijackThis log. Thank you for your help.

BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Jun 20, 2007 - 09:09:02

Scan Info
Scanned Files 266798
Infected Files 18


Virus Detected
Trojan.Dropper.Small.NCA 2
Trojan.BHO.BP 1
Trojan.Clicker.Costrat.AZ 1
Trojan.BHO.AR 2
Win32.Grum.A 1
Trojan.Horse3.RJ 2
Trojan.Clicker.CM 2
Application.JS.ForcePopup.I 1
GenPack:Trojan.Vundo.DLZ 1
MemScan:Trojan.Virtumonde.IC 2
Trojan.Vundo.DLY 2
BehavesLike:Win32.ExplorerHijack 1



This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


hijack:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:15, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
D:\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcaxwu - ddcaxwu.dll (file missing)
O20 - Winlogon Notify: gebbawu - gebbawu.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: ssqnllm - ssqnllm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



thanks again! Jim
Lyonnais92, 25708 posts, Security contributor

Hello,

you're still asleep.

I had written:

1) Stay in your own thread, it will be easier for green Day to find you (hi Green).

Good luck with the rest (with Green Day)