PC infection
mirek
cedric241 Posts: 3380 Status: Member
Hello, a major infection of my PC on my return from holiday, with a flood of alert messages and pop-up ad windows warning me that the following enemies had attacked: NetWorm-i.Virus@fp, Trojan TJ/BZ, Cyberlog-X, last version of PSW.x-Vir, <trojan-Spy.win32@mx, spybot@Mxt trojan, and plenty more of the same.
I took the following steps: 1) scan and disinfection with my antivirus, avast Home Edition, which quarantined many enemies; 2) use of SpyWare Secure "immediate repair". Not all of the problems were fixed, so I then followed the preliminary disinfection method (French version by Kristopher) found on the "Comment ça marche" site, namely, in this order: 1) removal of potentially dangerous files by cleaning with "CCleaner";
2) scan with an anti-spyware, AVG Anti-Spyware; 3) scan with an online antivirus, BitDefender. Here is the report:
BitDefender Online Scanner
Scan report generated at: Mon, Apr 21, 2008 - 10:40:51
Scan path: A:\;C:\;D:\;

Statistics
Time: 00:27:52
Files: 212409
Folders: 5329
Boot Sectors: 2
Archives: 13730
Packed Files: 8874

Results
Identified Viruses: 5
Infected Files: 14
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 12

Engines Info
Virus Definitions: 1168284
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status (each file line is followed by its status line)
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup(2).exe=>(NSIS o)=>lzma_solid_nsis0010
Detected with: Adware.SpywareSecure.B
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup(2).exe=>(NSIS o)=>lzma_solid_nsis0010
Deleted
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup(2).exe=>(NSIS o)
Update failed
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup(3).exe=>(NSIS o)=>lzma_solid_nsis0010
Detected with: Adware.SpywareSecure.B
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup(3).exe=>(NSIS o)=>lzma_solid_nsis0010
Deleted
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup(3).exe=>(NSIS o)
Update failed
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup.exe=>(NSIS o)=>lzma_solid_nsis0010
Detected with: Adware.SpywareSecure.B
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup.exe=>(NSIS o)=>lzma_solid_nsis0010
Deleted
C:\Documents and Settings\admin\Bureau\SpywareSecure_repaironce_setup.exe=>(NSIS o)
Update failed
C:\Documents and Settings\admin\Local Settings\Temp\zfe1.exe
Infected with: Trojan.Renos.NBW
C:\Documents and Settings\admin\Local Settings\Temp\zfe1.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\KZWAET40\softhomepage[2].htm
Infected with: Trojan.FakeAlert.QP
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\KZWAET40\softhomepage[2].htm
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\KZWAET40\softhomepage[2].htm
Deleted
C:\Program Files\NetProject\sbmdl.dll
Infected with: Trojan.Downloader.Zlob.ABSZ
C:\Program Files\NetProject\sbmdl.dll
Disinfection failed
C:\Program Files\NetProject\sbmdl.dll
Delete failed
C:\Program Files\NetProject\sbmntr.exe
Infected with: Trojan.Downloader.Zlob.ABTB
C:\Program Files\NetProject\sbmntr.exe
Disinfection failed
C:\Program Files\NetProject\sbmntr.exe
Delete failed
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP146\A0008276.exe=>(NSIS o)
Detected with: Adware.SpywareSecure.B
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP146\A0008276.exe=>(NSIS o)
Deleted
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP146\A0008276.exe
Update failed
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008700.dll
Infected with: Trojan.Downloader.Zlob.ABSZ
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008700.dll
Disinfection failed
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008700.dll
Deleted
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008714.dll
Infected with: Trojan.Downloader.Zlob.ABSZ
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008714.dll
Disinfection failed
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008714.dll
Deleted
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008811.dll
Infected with: Trojan.Downloader.Zlob.ABSZ
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008811.dll
Disinfection failed
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008811.dll
Deleted
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008825.dll
Infected with: Trojan.Downloader.Zlob.ABSZ
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008825.dll
Disinfection failed
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP159\A0008825.dll
Deleted
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP160\A0009032.dll
Infected with: Trojan.Downloader.Zlob.ABSZ
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP160\A0009032.dll
Disinfection failed
C:\System Volume Information\_restore{45996B65-8989-4FA9-8966-A265BFB34301}\RP160\A0009032.dll
Deleted
C:\WINDOWS\system32\bubbj.dll
Infected with: Trojan.Renos.NBW
C:\WINDOWS\system32\bubbj.dll
Deleted
Another part of the BitDefender report:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Mon, Apr 21, 2008 - 10:49:00
________________________________________
Scan Info
Scanned Files 218976
Infected Files 14
Virus Detected
Trojan.Downloader.Zlob.ABTB 1
Adware.SpywareSecure.B 4
Trojan.Renos.NBW 2
Trojan.Downloader.Zlob.ABSZ 6
Trojan.FakeAlert.QP 1
________________________________________
This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.
4) Ran HijackThis; here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:09, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetProject\sbmntr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8897 bytes
So I have now reached step 5): EXPERT OPINION, which is why I am writing to you.
As requested by Kristopher, I have attached the various reports that were generated.
Thank you in advance for your valuable help.
Configuration: Windows XP / Internet Explorer 6.0
1 reply
ok, go to Control Panel
Add or Remove Programs
and uninstall Spyware Secure if it is still there
then remove these HijackThis lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
to remove them, tick them and then click "Fix checked"
then, your version of Internet Explorer is not up to date (security hole); download and install version 7
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
After installation, restart the PC
then do this:
Preliminaries
• Empty the Recycle Bin
• Close all applications
================NAVILOG====================
Download this: http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm
take navilog1.exe
Choose option 1 only
Then follow this tutorial: http://mickael.barroux.free.fr/securite/navilog.php
And finally post the Navilog scan report
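As an added example (not part of the original post or of the reply above), here is a small Python triage script that applies the reasoning behind the reply's "Fix checked" list to the HijackThis log posted above and cross-references it with the BitDefender report. It collects the files the scanner marked "Delete failed", then flags HijackThis entries that point IE search settings at an untrusted host, BHOs with "(no name)", entries under the Policies\Explorer\Run key, Run entries under service-account or default-profile hives, dead IE extra buttons that point at an untrusted URL, and any entry referencing a file the antivirus saw but could not remove. The trusted-host allowlist (Microsoft, BitDefender, and the user's ISP Orange/Wanadoo) is an assumption drawn from what the log shows; the two excerpts embedded in the script are copied from the logs above, with a few benign lines kept for contrast. Worth noticing in the output: the two files BitDefender could not delete, sbmntr.exe and sbmdl.dll, are exactly the ones the HijackThis log shows as a running process and as a BHO loaded into Internet Explorer, which is consistent with the deletion failing because the files were in use.

```python
import re
from urllib.parse import urlparse

# Hosts accepted in IE search settings and IE "extra button" entries.
# Assumption for this example: the log shows the user's ISP is Wanadoo/Orange, and the
# BitDefender online scanner and Windows Update controls were installed on purpose.
TRUSTED_HOST_SUFFIXES = ("microsoft.com", "bitdefender.com", "orange.fr", "wanadoo.fr")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")       # "R1 - ...", "O4 - ..."
URL_RE = re.compile(r"https?://\S+")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)  # drive-letter path ending in .exe/.dll
SERVICE_HIVE_RE = re.compile(r"HKUS\\(?:S-1-5-(?:18|19|20)|\.DEFAULT)\\")

# Excerpt of the BitDefender report above: each path line is followed by a status line.
BD_EXCERPT = r"""
C:\Program Files\NetProject\sbmdl.dll
Infected with: Trojan.Downloader.Zlob.ABSZ
C:\Program Files\NetProject\sbmdl.dll
Disinfection failed
C:\Program Files\NetProject\sbmdl.dll
Delete failed
C:\Program Files\NetProject\sbmntr.exe
Infected with: Trojan.Downloader.Zlob.ABTB
C:\Program Files\NetProject\sbmntr.exe
Disinfection failed
C:\Program Files\NetProject\sbmntr.exe
Delete failed
C:\WINDOWS\system32\bubbj.dll
Infected with: Trojan.Renos.NBW
C:\WINDOWS\system32\bubbj.dll
Deleted
"""

# Excerpt of the HijackThis log above, benign lines included for contrast.
HJT_EXCERPT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def unremoved_paths(bd_report):
    """Collect the files a BitDefender report marks 'Delete failed', lower-cased and without
    the '=>' archive-member suffix the scanner appends for packed files."""
    lines = [l.strip() for l in bd_report.splitlines() if l.strip()]
    return {path.split("=>")[0].lower()
            for path, status in zip(lines, lines[1:])
            if status == "Delete failed"}


def trusted_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_HOST_SUFFIXES)


def triage_entry(kind, body, av_hits):
    """Return the reasons a HijackThis entry deserves review (empty list = leave it alone)."""
    reasons = []
    urls = URL_RE.findall(body)
    untrusted_url = bool(urls) and not all(trusted_host(u) for u in urls)
    if kind in ("R0", "R1") and untrusted_url:
        reasons.append("IE search/start setting points at an untrusted host")
    if kind == "O2" and "(no name)" in body:
        reasons.append("BHO with no name")
    if kind == "O4" and r"\Policies\Explorer\Run" in body:
        reasons.append("persistence via the Policies\\Explorer\\Run key")
    if kind == "O4" and SERVICE_HIVE_RE.search(body):
        reasons.append("Run entry under a service-account or default-profile hive")
    if kind == "O9" and "(file missing)" in body and untrusted_url:
        reasons.append("dead IE extra button pointing at an untrusted URL")
    if any(p.lower() in av_hits for p in PATH_RE.findall(body)):
        reasons.append("file reported by the AV scan but not removed")
    return reasons


def triage_log(log_text, av_hits=frozenset()):
    """Parse a HijackThis log; return [(entry line, [reasons])] for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            reasons = triage_entry(m["kind"], m["body"], av_hits)
            if reasons:
                findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    hits = unremoved_paths(BD_EXCERPT)
    for line, reasons in triage_log(HJT_EXCERPT, hits):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run it as-is to see the six flagged entries; to use it on a fresh case, paste the full HijackThis log and the full BitDefender report into the two excerpt strings and adjust the trusted-host list to the machine's real ISP and deliberately installed tools.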