Infection Agent NJK Trojan

Question

Bonjour à tous,
Voici le probléme que je rencontre:
Trojan-Spy.Win 32 KeyLogger.aa
Agent NJK Trojan
Win 32 Agent bq
Win 32 Adware Virtumonde
____________

J'ai fais le scan avec Spybotsd160,et j'ai vacciné ensuite avec AVG aucune infection et maintenant j'ai HijakThis dont voici le rapport.
Merci de m'aider



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:05, on 18/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\efadqfuf\uxmvahmh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\lphcjduj0ege7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wzerajsx.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {f5c93451-2609-4723-a053-5c19516be1a8} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer255.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [lphcjduj0ege7] C:\WINDOWS\system32\lphcjduj0ege7.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [cfgdscapp] C:\WINDOWS\system32\wzerajsx.exe
O4 - HKCU\..\Run: [DbWebUtil] C:\WINDOWS\system32\lcnypoti.exe
O4 - HKLM\..\Policies\Explorer\Run: [Rhiar30ZUv] C:\Documents and Settings\All Users\Application Data\efadqfuf\uxmvahmh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: .security
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Alain\LOCALS~1\Temp\cce883.html
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Alain\LOCALS~1\Temp\cce881.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Alain\LOCALS~1\Temp\cce882.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: cfguiproc - {310836A9-5A71-8BB8-3D20-0414D45C292B} - C:\Program Files\pyurhab\cfguiproc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

kduc · Answer

Salut,

Télécharge VundoFix ...
http://www.atribune.org/ccount/click.php?id=4 (par Atribune) sur ton Bureau. 

* Double-clique sur VundoFix.exe afin de le lancer. 
* Clique sur le bouton Scan for Vundo. 
* Lorsque le scan est complété, clique sur le bouton Remove Vundo. 
* Une invite te demandera si tu veux supprimer les fichiers, clique "YES". 
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique "OK". 
* Redémarre ton PC. 
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt 

Note : il est possible que VundoFix soit confronté à un fichier qu'il ne 
peut supprimer. 
Si tel est le cas, l'outil se lancera au prochain redémarrage ; il faut 
simplement suivre les instructions ci-haut, à partir de "clique sur le 
bouton Scan for Vundo". 

-------
Télécharge VirtumondeBegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* Lance VirtumondeBegone.exe puis, suis les instructions. 
* Une fois son travail terminé, redémarre puis, poste le rapport.

------
Fais un scan avec Malwarebytes Anti-malware ...
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
... et poste le rapport.

PS : pour supprimer les infections, choisis l'option Supprimer la sélection
ou clique sur le bouton Remove Selected (version anglaise) en bas à gauche.

KKOUETTE · Answer

Merci j'exécute

KKOUETTE · Answer

Re, 
Voici le rapport de Virtumundobe...
Ensuite???

[08/18/2008, 20:13:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Alain\Bureau\VirtumundoBeGone.exe" )
[08/18/2008, 20:13:38] - Detected System Information:
[08/18/2008, 20:13:38] -  Windows Version: 5.1.2600, Service Pack 3
[08/18/2008, 20:13:38] -  Current Username: Alain (Admin)
[08/18/2008, 20:13:38] -  Windows is in NORMAL mode.
[08/18/2008, 20:13:38] - Searching for Browser Helper Objects:
[08/18/2008, 20:13:38] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/18/2008, 20:13:38] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/18/2008, 20:13:38] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/18/2008, 20:13:38] -  BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[08/18/2008, 20:13:38] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/18/2008, 20:13:38] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/18/2008, 20:13:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/18/2008, 20:13:38] -  No filename found. Continuing.
[08/18/2008, 20:13:38] -  BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/18/2008, 20:13:38] - Finished Searching Browser Helper Objects
[08/18/2008, 20:13:38] - Finishing up...
[08/18/2008, 20:13:38] - Nothing found! Exiting...

escan · Answer

Fait un scan avec eScan Virus cleaner ... il est gratuit durant un mois ...

http://www.escan-ch.com/downloads/escan_virus_cleaner.exe

En mode sans échec et supprime le mode restauration du système de windiows

KKOUETTE · Answer

Bonsoir,
 J'ai fais et que dale, par contre sur le rapport HijackThis j'ai
04- startup: RoketDock.ink=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

Faut-il cocher la case?
Merci

kduc · Answer

...

Ne la coche pas !

Poste les rapports VundoFix et Malwarebytes.

KKOUETTE · Answer

Ok
 par contre, il faut que je recommence Vundo Fix et Malwarebytes.

kduc · Answer

...

ça s'rait bien !

KKOUETTE · Answer

Vundofix, rien quènada
je scan avec malwarebytes .......

KKOUETTE · Answer

Enfin,
j'suis mort 

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 3

00:09:40 19/08/2008
mbam-log-08-19-2008 (00-09-40).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 141376
Temps écoulé: 1 hour(s), 53 minute(s), 31 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcjduj0ege7.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphcjduj0ege7.scr (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcjduj0ege7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Alain\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alain\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alain\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alain\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcjduj0ege7.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcjduj0ege7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcjduj0ege7.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

leupape · Answer

Bonjours,
Voici le scan, près le nettoyage et redémarage retour à la normal sur le bureauet puis Paf re virus
Merci

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 3

00:09:25 19/08/2008
mbam-log-08-19-2008 (00-09-12).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 141376
Temps écoulé: 1 hour(s), 53 minute(s), 31 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcjduj0ege7.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphcjduj0ege7.scr (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcjduj0ege7 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Alain\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Alain\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Alain\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Alain\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\blphcjduj0ege7.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcjduj0ege7.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcjduj0ege7.bmp (Trojan.FakeAlert) -> No action taken.

kduc · Answer

Salut leupape,

Le dernier scan posté a été fait "avant nettoyage".

Fais un scan HijackThis ...
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ... et poste le rapport.

leupape · Answer

Bonsoir,
Depuis 48h , toujours pas réussi . J'ai tout essayé
et j'ai toujours les virus et en plus j'ai maintenant ANTI VIRUS 2008 qui s'affiche à chaque démarage
Merci pour l'aide
88888888888888888

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1070
Windows 5.1.2600 Service Pack 3

16:57:40 19/08/2008
mbam-log-08-19-2008 (16-57-15).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 142458
Temps écoulé: 2 hour(s), 41 minute(s), 24 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcjduj0ege7.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphcjduj0ege7.scr (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcjduj0ege7 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Alain\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Alain\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\blphcjduj0ege7.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcjduj0ege7.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcjduj0ege7.bmp (Trojan.FakeAlert) -> No action taken.

[08/19/2008, 11:24:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Alain\Bureau\VirtumundoBeGone.exe" )
[08/19/2008, 11:24:54] - Detected System Information:
[08/19/2008, 11:24:54] -  Windows Version: 5.1.2600, Service Pack 3
[08/19/2008, 11:24:54] -  Current Username: Alain (Admin)
[08/19/2008, 11:24:54] -  Windows is in NORMAL mode.
[08/19/2008, 11:24:54] - Searching for Browser Helper Objects:
[08/19/2008, 11:24:54] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/19/2008, 11:24:54] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/19/2008, 11:24:54] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/19/2008, 11:24:54] -  BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[08/19/2008, 11:24:54] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/19/2008, 11:24:54] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/19/2008, 11:24:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/19/2008, 11:24:54] -  No filename found. Continuing.
[08/19/2008, 11:24:54] -  BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/19/2008, 11:24:54] - Finished Searching Browser Helper Objects
[08/19/2008, 11:24:54] - Finishing up...
[08/19/2008, 11:24:54] - Nothing found! Exiting...

[08/19/2008, 11:26:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Alain\Bureau\VirtumundoBeGone.exe" )
[08/19/2008, 11:26:35] - User choose NOT to continue. Exiting...

[08/19/2008, 11:26:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Alain\Bureau\VirtumundoBeGone.exe" )
[08/19/2008, 11:26:50] - Detected System Information:
[08/19/2008, 11:26:50] -  Windows Version: 5.1.2600, Service Pack 3
[08/19/2008, 11:26:50] -  Current Username: Alain (Admin)
[08/19/2008, 11:26:50] -  Windows is in NORMAL mode.
[08/19/2008, 11:26:50] - Searching for Browser Helper Objects:
[08/19/2008, 11:26:50] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/19/2008, 11:26:50] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/19/2008, 11:26:50] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/19/2008, 11:26:50] -  BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[08/19/2008, 11:26:50] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/19/2008, 11:26:50] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/19/2008, 11:26:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/19/2008, 11:26:50] -  No filename found. Continuing.
[08/19/2008, 11:26:50] -  BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/19/2008, 11:26:50] - Finished Searching Browser Helper Objects
[08/19/2008, 11:26:50] - Finishing up...
[08/19/2008, 11:26:50] - Nothing found! Exiting...

kduc · Answer

...

Reposte un rapport HijackThis, stp.

KKOUETTE · Answer

Bonjours,
Après plusieurs manips j'ai désinstallé Spybot, hytjackthis ainsi que Malwarebytes et ensuite j'ai passé Ccleaner, j'ai télécharger avec mise a jours deMWB et Scan.
Redemarage et analyse avec TunUP ;Vérification système du fichier sur C: NTFS.
Bingo, tout à l'air de fonctionner.
Merci à tous pour les conseils.
PS: Virus XP 2008

Infection Agent NJK Trojan

15 réponses

Votre réponse

Discussions similaires

Newsletters