Sujet Précédent Sujet Suivant

Au secours Trojano-1165

Fermé
Ptitlouis5 - 7 nov. 2007 à 18:29
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 - 11 nov. 2007 à 23:10
Bonjour,
Suis infecté par trojano-1165 dont je n'arrive pas à me débarasser (ad aware, cccleaner, spybot...)
Si quelqu'un pouvait jeter un oeil à mon log ci-dessous, merci d'avance ! :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:39, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F8D21.dat
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

10 réponses

Réponse 1 / 10
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
7 nov. 2007 à 19:45
Salut

# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.

++
0
Réponse 2 / 10
Ptitlouis5
7 nov. 2007 à 23:12
Voilà le rapport :
SmitFraudFix v2.250

Rapport fait à 23:08:45,98, 07/11/2007
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\__c00DE124.dat"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{53B24343-B2D3-4BFB-8A71-3AD2B72E11E3}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{53B24343-B2D3-4BFB-8A71-3AD2B72E11E3}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{53B24343-B2D3-4BFB-8A71-3AD2B72E11E3}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Merci pour cette réponse rapide !
0
Réponse 3 / 10
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 nov. 2007 à 10:51
Salut

fais ce qu'il y a indiqué ici stp :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
0
Réponse 4 / 10
Ptitlouis5
8 nov. 2007 à 22:39
Bonjour,

Donc pas à pas...

Premier rapport :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:26:57 08/11/2007

+ Résultat de l'analyse:



:mozilla.7:C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ng8lvd3k.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.


Fin du rapport
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
Ptitlouis5
9 nov. 2007 à 00:26
Voilà le résultat de BitDefender :

BitDefender Online Scanner

Scan report generated at: Thu, Nov 08, 2007 - 23:22:25

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time 00:43:07

Files 287297

Folders 6476

Boot Sectors 3

Archives 15554

Packed Files 35729

Results

Identified Viruses 12

Infected Files 39

Suspect Files 0

Warnings 0

Disinfected 0

Deleted Files 38







Engines Info

Virus Definitions


860647

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


14

Archive plugins


38

Unpack plugins


7

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\VundoFix Backups\ssqrr.dll.bad


Detected with: Adware.Virtumonde.GGX

C:\VundoFix Backups\ssqrr.dll.bad


Disinfection failed

C:\VundoFix Backups\ssqrr.dll.bad


Deleted

C:\WINDOWS\system32\aewknekb.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\aewknekb.dll


Disinfection failed

C:\WINDOWS\system32\aewknekb.dll


Deleted

C:\WINDOWS\system32\awtst.dll


Infected with: DeepScan:Generic.Virtumod.00BDBDCA

C:\WINDOWS\system32\awtst.dll


Disinfection failed

C:\WINDOWS\system32\awtst.dll


Deleted

C:\WINDOWS\system32\awvtq.dll


Infected with: DeepScan:Generic.Virtumod.25FFC9B7

C:\WINDOWS\system32\awvtq.dll


Disinfection failed

C:\WINDOWS\system32\awvtq.dll


Deleted

C:\WINDOWS\system32\ayudcsnt.dll


Infected with: Trojan.Agent.AFSK

C:\WINDOWS\system32\ayudcsnt.dll


Disinfection failed

C:\WINDOWS\system32\ayudcsnt.dll


Deleted

C:\WINDOWS\system32\bccsmtww.dll


Infected with: Trojan.Agent.AFSK

C:\WINDOWS\system32\bccsmtww.dll


Disinfection failed

C:\WINDOWS\system32\bccsmtww.dll


Deleted

C:\WINDOWS\system32\boiyesai.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\boiyesai.dll


Disinfection failed

C:\WINDOWS\system32\boiyesai.dll


Deleted

C:\WINDOWS\system32\cfgdpjnh.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\cfgdpjnh.dll


Disinfection failed

C:\WINDOWS\system32\cfgdpjnh.dll


Deleted

C:\WINDOWS\system32\ddaba.dll


Infected with: DeepScan:Generic.Virtumod.199508B9

C:\WINDOWS\system32\ddaba.dll


Disinfection failed

C:\WINDOWS\system32\ddaba.dll


Deleted

C:\WINDOWS\system32\ddabb.dll


Infected with: DeepScan:Generic.Virtumod.B92F2260

C:\WINDOWS\system32\ddabb.dll


Disinfection failed

C:\WINDOWS\system32\ddabb.dll


Deleted

C:\WINDOWS\system32\ddccy.dll


Infected with: DeepScan:Generic.Virtumod.4370E5B4

C:\WINDOWS\system32\ddccy.dll


Disinfection failed

C:\WINDOWS\system32\ddccy.dll


Deleted

C:\WINDOWS\system32\ddcyv.dll


Infected with: DeepScan:Generic.Virtumod.4370E5B4

C:\WINDOWS\system32\ddcyv.dll


Disinfection failed

C:\WINDOWS\system32\ddcyv.dll


Deleted

C:\WINDOWS\system32\enubwayk.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\enubwayk.dll


Disinfection failed

C:\WINDOWS\system32\enubwayk.dll


Deleted

C:\WINDOWS\system32\fpnnnhci.dll


Infected with: Trojan.Agent.AFSK

C:\WINDOWS\system32\fpnnnhci.dll


Disinfection failed

C:\WINDOWS\system32\fpnnnhci.dll


Deleted

C:\WINDOWS\system32\gebya.dll


Infected with: DeepScan:Generic.Virtumod.00BDBDCA

C:\WINDOWS\system32\gebya.dll


Disinfection failed

C:\WINDOWS\system32\gebya.dll


Deleted

C:\WINDOWS\system32\geedc.dll


Infected with: DeepScan:Generic.Virtumod.F1B758F8

C:\WINDOWS\system32\geedc.dll


Disinfection failed

C:\WINDOWS\system32\geedc.dll


Deleted

C:\WINDOWS\system32\ihyrjyob.dll


Infected with: Trojan.Agent.AFSK

C:\WINDOWS\system32\ihyrjyob.dll


Disinfection failed

C:\WINDOWS\system32\ihyrjyob.dll


Deleted

C:\WINDOWS\system32\jkhfc.dll


Detected with: Adware.Virtumonde.GGX

C:\WINDOWS\system32\jkhfc.dll


Disinfection failed

C:\WINDOWS\system32\jkhfc.dll


Deleted

C:\WINDOWS\system32\jkkli.dll


Infected with: DeepScan:Generic.Virtumod.101D988B

C:\WINDOWS\system32\jkkli.dll


Disinfection failed

C:\WINDOWS\system32\jkkli.dll


Deleted

C:\WINDOWS\system32\jkklm.dll


Infected with: DeepScan:Generic.Virtumod.101D988B

C:\WINDOWS\system32\jkklm.dll


Disinfection failed

C:\WINDOWS\system32\jkklm.dll


Deleted

C:\WINDOWS\system32\jsfcjtjv.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\jsfcjtjv.dll


Disinfection failed

C:\WINDOWS\system32\jsfcjtjv.dll


Deleted

C:\WINDOWS\system32\latahekr.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\latahekr.dll


Disinfection failed

C:\WINDOWS\system32\latahekr.dll


Deleted

C:\WINDOWS\system32\mxbuvxvw.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\mxbuvxvw.dll


Disinfection failed

C:\WINDOWS\system32\mxbuvxvw.dll


Deleted

C:\WINDOWS\system32\olmlcgrx.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\olmlcgrx.dll


Disinfection failed

C:\WINDOWS\system32\olmlcgrx.dll


Deleted

C:\WINDOWS\system32\peyspyqs.dll


Infected with: Trojan.Agent.AFSK

C:\WINDOWS\system32\peyspyqs.dll


Disinfection failed

C:\WINDOWS\system32\peyspyqs.dll


Deleted

C:\WINDOWS\system32\pmnli.dll


Infected with: DeepScan:Generic.Virtumod.B92F2260

C:\WINDOWS\system32\pmnli.dll


Disinfection failed

C:\WINDOWS\system32\pmnli.dll


Deleted

C:\WINDOWS\system32\pmxpvlai.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\pmxpvlai.dll


Disinfection failed

C:\WINDOWS\system32\pmxpvlai.dll


Deleted

C:\WINDOWS\system32\prwtkkdj.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\prwtkkdj.dll


Disinfection failed

C:\WINDOWS\system32\prwtkkdj.dll


Deleted

C:\WINDOWS\system32\pyfjpqpn.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\pyfjpqpn.dll


Disinfection failed

C:\WINDOWS\system32\pyfjpqpn.dll


Deleted

C:\WINDOWS\system32\qrgtebsb.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\qrgtebsb.dll


Disinfection failed

C:\WINDOWS\system32\qrgtebsb.dll


Deleted

C:\WINDOWS\system32\sehxbhxv.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\sehxbhxv.dll


Disinfection failed

C:\WINDOWS\system32\sehxbhxv.dll


Deleted

C:\WINDOWS\system32\ssqpm.dll


Infected with: Trojan.Vundo.DPY

C:\WINDOWS\system32\ssqpm.dll


Disinfection failed

C:\WINDOWS\system32\ssqpm.dll


Delete failed

C:\WINDOWS\system32\suyjqegn.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\suyjqegn.dll


Disinfection failed

C:\WINDOWS\system32\suyjqegn.dll


Deleted

C:\WINDOWS\system32\ttdsfral.dll


Infected with: Trojan.Agent.AFSK

C:\WINDOWS\system32\ttdsfral.dll


Disinfection failed

C:\WINDOWS\system32\ttdsfral.dll


Deleted

C:\WINDOWS\system32\vaoxqvfv.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\vaoxqvfv.dll


Disinfection failed

C:\WINDOWS\system32\vaoxqvfv.dll


Deleted

C:\WINDOWS\system32\vtutu.dll


Infected with: Trojan.Downloader.Agent.YPO

C:\WINDOWS\system32\vtutu.dll


Deleted

C:\WINDOWS\system32\xjqhfluy.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\xjqhfluy.dll


Disinfection failed

C:\WINDOWS\system32\xjqhfluy.dll


Deleted

C:\WINDOWS\system32\yeclgqly.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\yeclgqly.dll


Disinfection failed

C:\WINDOWS\system32\yeclgqly.dll


Deleted

C:\WINDOWS\system32\yybahjfr.dll


Infected with: Trojan.Vundo.DNW

C:\WINDOWS\system32\yybahjfr.dll


Disinfection failed

C:\WINDOWS\system32\yybahjfr.dll


Deleted
0
Réponse 6 / 10
Ptitlouis5
9 nov. 2007 à 00:32
Et enfin le log de Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:01, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Services en ligne\AOL\InstallAol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A991E.dat
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 7 / 10
Ptitlouis5
9 nov. 2007 à 16:20
A priori les outils ont été efficaces.... Plus rien n'est détecté !
Je crois que BitDefender a fait un gros boulot !

Merci encore pour l'aide....
0
Réponse 8 / 10
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
9 nov. 2007 à 19:36
Salut

une petite verif :

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt poste le stp

++
0
Réponse 9 / 10
Ptitlouis5
10 nov. 2007 à 02:56
Voilà le rapport (Avenger.txt):
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vkquwexg

*******************

Script file located at: \??\C:\ComboFix\ComboDel.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File move operation C:\WINDOWS\system32\__c00A9C90.dat|C:\QooBox\Quarantine\C\WINDOWS\system32\__c00A9C90.dat.vir completed successfully.
File move operation C:\WINDOWS\system32\ssqpm.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpm.dll.vir completed successfully.


File C:\WINDOWS\system32\__c00A9C90.dat not found!
File move operation C:\WINDOWS\system32\__c00A9C90.dat|C:\QooBox\Quarantine\C\WINDOWS\system32\__c00A9C90.dat.vir failed!

Could not process line:
C:\WINDOWS\system32\__c00A9C90.dat|C:\QooBox\Quarantine\C\WINDOWS\system32\__c00A9C90.dat.vir
Status: 0xc0000034



File C:\WINDOWS\system32\ssqpm.dll not found!
File move operation C:\WINDOWS\system32\ssqpm.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpm.dll.vir failed!

Could not process line:
C:\WINDOWS\system32\ssqpm.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpm.dll.vir
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
0
Réponse 10 / 10
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
11 nov. 2007 à 23:10
Salut

euh ! ce n'est pas le rapport demandé ??

++
0