Infection by Xor-encoded.A and others...

mimille1978 -
Destrio5 (Moderator, 99,820 posts) -
Hello,

My computer seems to be infected by several "things", including Xor-encoded.A. Here is the ActiveScan 2.0 report. After looking at it, can you tell me whether you can help me?

Thank you very much!!!!!

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-07 02:01:34
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3903.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@fastclick[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@mediaplex[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@apmebf[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@media.adrevolver[3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@overture[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@adultfriendfinder[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@smartadserver[2].txt
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\marie\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ad165c4\Report.cab[tuvvTNhe.dll.xor]
03281648 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\Program Files\Dress Shop Hop\Uninstall.exe
03600161 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\fkpbrmmn.dll
03600161 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\vdkxprao.dll
03600564 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\opnkKaXn.dll
03600564 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\tuvWomNh.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Users\marie\AppData\Local\Temp\koywaidj.dll
No C:\Users\marie\AppData\Local\Temp\blbbfjey.dll
No C:\Users\marie\AppData\Local\Temp\geBuRKcA.dll
No C:\Users\marie\AppData\Local\Temp\hlgrftym.dll
No C:\Users\marie\AppData\Local\Temp\jkkIYrOI.dll
No C:\Users\marie\AppData\Local\Temp\khFUKbaX.dll
No C:\Users\marie\AppData\Local\Temp\koywaidj.dll
No C:\Users\marie\AppData\Local\Temp\oPIcyaxY.dll
No C:\Users\marie\AppData\Local\Temp\tbsfyytq.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
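A small triage script, added here as an example (it is not from the thread, nor from Panda ActiveScan), that parses the MALWARE table layout shown in the report above and separates tracking-cookie noise from the detections a responder would act on first. The sample rows are copied from that report; the column order and the "8-letter random DLL in Temp" heuristic are my assumptions.

```python
import re
from collections import Counter

# Sample input, constructed for this example: a few rows copied from the
# ActiveScan 2.0 MALWARE table above, in its column order
# (Id Description Type Active Severity Disinfectable Disinfected Location).
SAMPLE_REPORT = r"""
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@atdmt[2].txt
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\marie\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ad165c4\Report.cab[tuvvTNhe.dll.xor]
03281648 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\Program Files\Dress Shop Hop\Uninstall.exe
03600161 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\fkpbrmmn.dll
03600564 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\tuvWomNh.dll
"""

# Description may contain spaces ("Cookie/Atlas DMT"), so match it lazily and
# anchor on the fixed-vocabulary columns (Yes/No, single-digit severity) after it.
ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<path>.+)$"
)

# Heuristic (my assumption, not an ActiveScan rule): the Virtumonde/Vundo
# components in this report are 8-letter random DLL names in the user's Temp.
RANDOM_TEMP_DLL = re.compile(r"\\AppData\\Local\\Temp\\[A-Za-z]{8}\.dll$")


def parse_malware_table(text):
    """Return one dict per well-formed row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage(rows):
    """Split tracking-cookie noise from detections that need action, and flag
    what to look at first: severity-1 items, anything the scanner could not
    disinfect, and the random-name Temp DLL pattern."""
    return {
        "by_type": Counter(r["type"] for r in rows),
        "cookies": [r["path"] for r in rows if r["type"] == "TrackingCookie"],
        "actionable": [r for r in rows if r["type"] != "TrackingCookie"],
        "severity_1": [r["desc"] for r in rows if r["severity"] == "1"],
        "not_disinfectable": [r["path"] for r in rows if r["disinfectable"] == "No"],
        "temp_dlls": [r["path"] for r in rows if RANDOM_TEMP_DLL.search(r["path"])],
    }


if __name__ == "__main__":
    for key, value in triage(parse_malware_table(SAMPLE_REPORT)).items():
        print(key, value)
```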

43 replies

mimille1978
 
Thanks for these new tips. I think Antivir didn't find any viruses; I found nothing to delete:

AntiVir PersonalEdition Classic
Report file date: dimanche 7 septembre 2008 22:42

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-DE-MARIE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 7 septembre 2008 22:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'ACEngSvr.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'V0220Mon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'ACMON.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'ALU.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
87 processes with 87 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '14' files ).

Starting the file scan:

Begin scan in 'C:\' <VistaOS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>

End of the scan: dimanche 7 septembre 2008 23:35
Used time: 53:07 min

The scan has been done completely.

17226 Scanning directories
213573 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
213573 Files not concerned
1493 Archives were scanned
2 Warnings
0 Notes
0
Destrio5 (Moderator, 99,820 posts)
 
And with Windows Defender?
0
mimille1978
 
Hello!

It found nothing!
0
Destrio5 (Moderator, 99,820 posts)
 
Sorry, I meant ActiveScan 2.0.
0

mimille1978
 
The scan is stuck at 88% and there are already 40 infected files.
0
Destrio5 (Moderator, 99,820 posts)
 
Can't you post the report?
0
mimille1978
 
No, I'm restarting the scan that crashed.
0
mimille1978
 
Stuck at 88% again. Could it be caused by the file being scanned? C:\Users\marie\Desktop\Co...882R2FWJFW\pv.cfexe
0
mimille1978
 
Can I do a quick scan instead?
0
Destrio5 (Moderator, 99,820 posts)
 
Yes, if you want.
0
mimille1978
 
Now the scan is stuck at 100% with no access to a report, with 19 infected files.
0
Destrio5 (Moderator, 99,820 posts)
 
What should I do if I don't have the report?
0
Destrio5 (Moderator, 99,820 posts)
 
Hi,

You're infected with Vundo too.

---> Do a quick scan with MBAM, delete everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
-1
Destrio5 (Moderator, 99,820 posts)
 
That's not the right scan.
-1
Destrio5 (Moderator, 99,820 posts)
 
---> Do a quick scan with MalwareByte's Anti-Malware, delete everything it finds and post the report.

To download MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
-1
Destrio5 (Moderator, 99,820 posts)
 
---> Relaunch MBAM, go to Quarantine and delete everything

---> Disable UAC for the duration of the cleanup:
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html

---> Download sUBs' ComboFix.exe to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French with F
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the cleanup; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet. /!\

Note: The report can also be found here: C:\ComboFix.txt
-1
Destrio5 (Moderator, 99,820 posts)
 
However, I have to leave you now.
-1
Destrio5 (Moderator, 99,820 posts)
 
- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a scan system and save log file

- Notepad will open; copy and paste its entire contents here in your next reply.
-1
Destrio5 (Moderator, 99,820 posts)
 
Look at the bottom of the page at the following link:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-1
Destrio5 (Moderator, 99,820 posts)
 
Damn.

Uninstall and reinstall your wifi adapter.
-1