virus trojan Fermé

Question

Bonjour,
j'ai un virus: win32.banker.fstrojan.spyagent.da.Comment faire pour m'en debarrasser. J'ai fait hijackthis pour un rapport que je met avec, quoi faire:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:04, on 18/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\odb.exe
C:\WINDOWS\runsql.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\svhoster.exe
C:\WINDOWS\vlc.exe
C:\WINDOWS\wdmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svx.exe
C:\WINDOWS\svw.exe
C:\WINDOWS\svc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [odb] C:\WINDOWS\odb.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\aaaamonn.exe
O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\aaaamonn.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\aaaamonn.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\aaaamonn.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\wndutl32.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmder.exe (file missing)

totobetourne · Answer

bonjour

des saletes tu as.

1)on va passer cela et voir si il en reste (surement)
passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm 
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.

garde le et lance un scan tout les mois comme indique.

si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.





2)refais un rapport hijack et colle le.

frede · Answer

j'ai rien d'autre a faire? pas a cocher des trucs dans hijackthis? je fais comment mode sans echec?

totobetourne · Answer

attend je me suis trompe car il y a une autre infection que je n avais pas vu.pour l instant ne coche a rien.

passe cela.
Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.


Exécute le en choisissant l’option 5,
il va générer un rapport
Copie/colle le sur le poste stp.

frede · Answer

ça me met que je suis victime d'un detournement alors j'ai mis "non" ai je bien fait

frede · Answer

voila le rapport
SmitFraudFix v2.387

Rapport fait à 17:14:19,37, 18/12/2008
Executé à partir de C:\Documents and Settings\Utilisateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.114.51
DNS Server Search Order: 85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0A9FC692-E365-4E49-809C-5E4E530A4066}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC8B5808-D00D-4E96-A885-C0E3CD92A28C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0A9FC692-E365-4E49-809C-5E4E530A4066}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC8B5808-D00D-4E96-A885-C0E3CD92A28C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0A9FC692-E365-4E49-809C-5E4E530A4066}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BC8B5808-D00D-4E96-A885-C0E3CD92A28C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.51 85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.51 85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.51 85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.114.51
DNS Server Search Order: 85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0A9FC692-E365-4E49-809C-5E4E530A4066}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC8B5808-D00D-4E96-A885-C0E3CD92A28C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0A9FC692-E365-4E49-809C-5E4E530A4066}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC8B5808-D00D-4E96-A885-C0E3CD92A28C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0A9FC692-E365-4E49-809C-5E4E530A4066}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{326EE20A-CE4A-430D-B536-30ED23AF6678}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: DhcpNameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F1FC647-A3E8-4677-91BE-1F2CACE6D885}: NameServer=85.255.114.51,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BC8B5808-D00D-4E96-A885-C0E3CD92A28C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.51 85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.51 85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.51 85.255.112.8

frede · Answer

y a t il un informaticien pour m'aider?

frede · Answer

svp

totobetourne · Answer

oui tu es victime d un detournement de dns.
fais le necessaire et refais moi un autre rapport smitfraud puis un hijack.

Virus trojan

8 réponses

Discussions similaires