Infected by several viruses, worms, spyware...

Closed
golk52 - 28 Oct. 2007 at 17:20
golk52, 3 posts, registered Sunday 28 October 2007, status Member, last contribution 29 October 2007 - 29 Oct. 2007 at 06:37
Hello, I am a newbie on the forum. It is by following Christopher's advice, the preliminary disinfection method, that I am on this site today (thanks to Christopher). So, my computer is infected, and after using HijackThis V2.02, here is the report obtained (sorry, I could not save the 2 previous reports as advised by Christopher in order to show them to you on the forum):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:00:17, on 2007-10-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Thunder\Program\Thunder5.exe
D:\Downloads\install_en.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - C:\WINDOWS\system32\IEBHO.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - C:\WINDOWS\system32\IEBHO.dll
O3 - Toolbar: 快捷工具条3.1.5 - {BE830FD4-E393-417F-9F4B-CC70ABB3384C} - C:\WINDOWS\system32\IETool.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [switch] c:\windows\system32\壁纸自动换.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "D:\Downloads\install_en.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?a4e0d2e0f16649ebac3d2902b78b21b6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?a4e0d2e0f16649ebac3d2902b78b21b6
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{102B2A5E-F301-4FAA-A4F1-17B94076512A}: NameServer = 202.96.128.86 202.96.128.166
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - C:\WINDOWS\system32\ugbtna.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

3 replies

Darkness_Angel, 88 posts, registered Monday 18 December 2006, status Member, last contribution 26 September 2008
28 Oct. 2007 at 17:24
Hi
start with a Panda scan: (you have to stop avast's protection to be able to run the scan (NO risk of virus))

http://pandasoftware.fr

follow with Spybot - Search & Destroy

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

Good luck
golk52, 3 posts, registered Sunday 28 October 2007, status Member, last contribution 29 October 2007
29 Oct. 2007 at 06:23
Hello and thank you Darkness__Angel (and everyone), but after following your advice,
smitfraud-c and a few others are still present. Excuse me, I am a newbie. But here is the Spybot report after 2 attempts

Thanks in advance to everyone, and if marie and regis59 could join in, I think we would go faster; they seem to me to be very experienced with smitfraud from what I have seen on the forum. Anyway, thanks to everyone.


--- Search result list ---
Smitfraud-C.: [SBI $10577975] Réglages Autorun (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\some

Smitfraud-C.: [SBI $8F732AAF] Réglages Autorun (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\start

Zlob.ImageActiveXObject: [SBI $BDBC49C1] Browser helper object (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}

Zlob.ImageActiveXObject: [SBI $BDBC49C1] Class ID (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}

AdRevolver: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)
DoubleClick: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)
Tradedoubler: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)
Tradedoubler: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)
AdRevolver: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)
AdRevolver: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)
AdRevolver: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)
AdRevolver: [SBI $4CDCC3D5] Cookie traceur (Firefox: default) (Cookie, fixed)


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-10-29 unins000.exe (51.46.0.0)
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-10-24 Includes\Revision.sbi (*)
2007-10-24 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-10-24 Includes\Malware.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-10-24 Includes\Spybots.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-10-24 Includes\Trojans.sbi (*)
2007-10-24 Includes\DialerC.sbi (*)
2007-10-24 Includes\HijackersC.sbi (*)
2007-10-24 Includes\KeyloggersC.sbi (*)
2007-10-24 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPSC.sbi (*)
2007-10-24 Includes\SecurityC.sbi (*)
2007-10-24 Includes\SpybotsC.sbi (*)
2007-10-24 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Microsoft .NET Framework 2.0: This Hotfix is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Hotfix will be uninstalled automatically. \n
For more information, visit https://support.microsoft.com/en-us/help/922981
/ Microsoft .NET Framework 2.0: This Hotfix is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Hotfix will be uninstalled automatically. \n
For more information, visit https://support.microsoft.com/en-us/help/923319
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit https://support.microsoft.com/en-us/help/928365/description-of-the-security-update-for-the-net-framework-2-0-for-windo
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11
golk52, 3 posts, registered Sunday 28 October 2007, status Member, last contribution 29 October 2007
29 Oct. 2007 at 06:37
Please, I am adding the report of the scan done with Panda before the one given by Spybot, in case it may be useful:


Scan details
High danger level (0)
Medium danger level (3)
Trj/Dropper.WF (Virus) - Latent
C:\WINDOWS\快速关机(Ctrl+Alt+End).exe
Adware/PC-Prot (Adware) - Active
C:\Program Files\Video Add-on\ICTUN.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMDL.DLL
C:\PROGRAM FILES\VIDEO ADD-ON\ICMNTR.EXE
spyware/shopna... (Spyware) - Latent
hkey_classes_root\searchhook.srchhook
HKEY_LOCAL_MACHINE\softwa...D-11D2-AA90-000000000000}
hkey_classes_root\searchhook.srchhook.1
hkey_classes_root\clsid\{...d-11d2-aa90-000000000000}
Low danger level (24)
Application/Wi... (Tracking Application) - Latent
C:\Program Files\WinSpyControl\RPT.DLL
Generic Malwar... (Virus) - Latent
C:\WINDOWS\SYSTEM32\DRIVERS\FMTR.SYS
C:\Program Files\WinSpyControl\FMTR.SYS
Cookie/Doublec... (Tracking Cookie) - Latent
C:\Documents and Settings...ES.TXT[.doubleclick.net/]
Cookie/Bluestr... (Tracking Cookie) - Latent
C:\Documents and Settings...IES.TXT[.bluestreak.com/]
Application/Su... (Tracking Application) - Latent
C:\Ghost\QuickReboot.exe
Generic Malwar... (Virus) - Active
C:\PROGRAM FILES\WINSPYCONTROL\TOOLS\PG.DLL
Generic Malwar... (Virus) - Latent
C:\Program Files\WinSpyControl\SCNKRNL.DLL
Generic Malwar... (Virus) - Latent - Not disinfectable
C:\System Volume Informat...E[GreenBrowserUpdate.exe]
C:\Program Files\GreenBro...ce\GreenBrowserUpdate.exe
Cookie/Atlas D... (Tracking Cookie) - Latent
C:\Documents and Settings...\COOKIES.TXT[.atdmt.com/]
Cookie/Adrevol... (Tracking Cookie) - Latent
C:\Documents and Settings...IES.TXT[.adrevolver.com/]
Cookie/Adverti... (Tracking Cookie) - Latent
C:\Documents and Settings...ES.TXT[.advertising.com/]
Generic Malwar... (Virus) - Latent
C:\Program Files\WinSpyControl\Restart.exe
Generic Malwar... (Virus) - Latent
C:\Program Files\WinSpyControl\FOPNL.DLL
Application/An... (Tracking Application) - Latent - Not disinfectable
C:\Documents and Settings...01[AntiSpygolden 5.1.exe]
C:\Documents and Settings...xe[AntiSpygolden 5.1.exe]
Generic Malwar... (Virus) - Latent
C:\Program Files\WinSpyControl\RTasks.exe
Cookie/Tradedo... (Tracking Cookie) - Latent
C:\Documents and Settings...S.TXT[.tradedoubler.com/]
Cookie/Weboram... (Tracking Cookie) - Latent
C:\Documents and Settings...OOKIES.TXT[.weborama.fr/]
Cookie/Serving... (Tracking Cookie) - Latent
C:\Documents and Settings...ES.TXT[.serving-sys.com/]
Cookie/Smartad... (Tracking Cookie) - Latent
C:\Documents and Settings....TXT[.smartadserver.com/]
Cookie/Serving... (Tracking Cookie) - Latent
C:\Documents and Settings...TXT[.bs.serving-sys.com/]
Adware/Borland... (Adware) - Latent
C:\Program Files\Ringz St...\Storm Codec\STORMUPD.DLL
Adware/BaiduBa... (Adware) - Latent
C:\WINDOWS\SYSTEM32\HOTUNIST.EXE
Cookie/Xiti (Tracking Cookie) - Latent
C:\Documents and Settings...t\COOKIES.TXT[.xiti.com/]
adware/keenval... (Adware) - Latent
HKEY_CLASSES_ROOT\Interfa...3-11d2-aa8e-000000000000}