Virus "NstkYou have a security problem !"

Closed
gonzi05 Posts: 1 Joined: Tuesday 10 February 2009 Status: Member Last activity: 10 February 2009 - 10 Feb. 2009 at 15:25
Mmsl35_ Posts: 1804 Joined: Sunday 13 July 2008 Status: Member Last activity: 23 November 2016 - 15 March 2009 at 01:08
Hello,

I have this virus problem "NstkYou have a security problem !" and I can't remove it ... Can you help me please? Thanks in advance.

Here is the associated HijackThis report:

=================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:18, on 10/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\SYS\WINDOWS\System32\smss.exe
C:\SYS\WINDOWS\system32\csrss.exe
C:\SYS\WINDOWS\system32\winlogon.exe
C:\SYS\WINDOWS\system32\services.exe
C:\SYS\WINDOWS\system32\lsass.exe
C:\SYS\WINDOWS\System32\SCardSvr.exe
C:\SYS\WINDOWS\system32\ibmpmsvc.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\SYS\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\NavNT\Symantec AntiVirus\DefWatch.exe
C:\SYS\WINDOWS\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\Program Files\NavNT\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\sys\PSA\PsaSce1.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\sys\psa\pv3agcg.exe
c:\sys\psa\pv3enumservice.exe
C:\SYS\WINDOWS\system32\regsvc.exe
c:\sys\psa\PV3StPrcs.exe
C:\SYS\WINDOWS\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\NavNT\Symantec AntiVirus\Rtvscan.exe
C:\SYS\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\NavNT\Symantec Client Firewall\SymSPort.exe
c:\sys\psa\pv3ag6.exe
C:\SYS\WINDOWS\Explorer.EXE
C:\SYS\WINDOWS\system32\tp4mon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\SYS\WINDOWS\system32\igfxtray.exe
C:\SYS\WINDOWS\system32\hkcmd.exe
C:\SYS\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NavNT\SYMANT~2\VPTray.exe
C:\SYS\WINDOWS\system32\pv3agie.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\SYS\WINDOWS\system32\RunDll32.exe
C:\SYS\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\AVENCIS\SSOX\watcher.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\Program Files\Common Files\XCPCSync.OEM\Lotus.211.101\Translators\LtNts4\NtsAgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\SYS\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\IBM\Sametime Connect\sametime.exe
C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\DOCUME~1\j558867\LOCALS~1\Temp\systeminit.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\LOTUS\NOTES\NLNOTES.EXE
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientMgr.exe
C:\Program Files\LOTUS\NOTES\ntaskldr.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MsOffice\OFFICE11\POWERPNT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\SYS\WINDOWS\system32\NOTEPAD.EXE
C:\SYS\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\j558867\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail.inetpsa.com/poe/html/static/Accueil.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portail.inetpsa.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://c:\sys\windows\proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = internet.inetpsa.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.inetpsa.com;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSOX BHO - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Program Files\AVENCIS\SSOX\ssoxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SYS\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: InfoPoste - {9ABC1666-7F12-48F4-BEA4-50B7162945A4} - C:\Program Files\InfoPoste\InfoPoste.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\SYS\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\SYS\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\SYS\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S
O4 - HKLM\..\Run: [EasySync Pro - PocketPC] c:\Program Files\Common Files\XCPCSync\Translators\PocketPC\AutoDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [Pshare] wscript.exe "c:\sys\psa\tools\Pshare.vbs"
O4 - HKLM\..\Run: [_SSOX] "C:\Program Files\AVENCIS\SSOX\watcher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IBM Lotus EasySync Pro] C:\Program Files\Common Files\XCPCSync.OEM\Lotus.211.101\Translators\LtNts4\NtsAgnt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect\sametime.exe" -noSplash
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [systeminit.exe] C:\DOCUME~1\j558867\LOCALS~1\Temp\systeminit.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\SYS\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\SYS\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://portail.inetpsa.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mailz1.domino.inetpsa.com/iNotes.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://planification.inetpsa.com/base03/objects/pjclient.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {6544AA0A-A4A4-466E-A467-A53CCF5B2F09} (Pj11fraC Class) - http://planification.inetpsa.com/base03/objects/1036/pjcintl.cab
O16 - DPF: {786B5FEC-72B4-48B5-8601-55AEAA0B871B} (DCUGENPPT.DCUGenerateurPPT) - http://generateur-documents.inetpsa.com/fileadmin/DCUGENPPT.CAB
O16 - DPF: {8A85B428-6392-4012-9DA1-FC042D3B2770} (DCUGENDOC.DCUGenerateur) - http://generateur-documents.inetpsa.com/fileadmin/modules_locaux_pour_generateur/DCUGENDOC.CAB
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://portail.inetpsa.com/http://mailza.domino.inetpsa.com/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inetpsa.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\NavNT\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\SYS\WINDOWS\System32\dmadmin.exe
O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\SYS\WINDOWS\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\SYS\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\NavNT\Symantec Client Firewall\ISSVC.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
O23 - Service: PsaSce1 - PSA Peugeot Citroën - c:\sys\PSA\PsaSce1.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\NavNT\Symantec AntiVirus\SavRoam.exe
O23 - Service: Inforeseau CISCO (Situation) - Unknown owner - C:\SYS\WINDOWS\Situation.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\NavNT\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\NavNT\Symantec Client Firewall\SymSPort.exe

1 reply

Mmsl35_ Posts: 1804 Joined: Sunday 13 July 2008 Status: Member Last activity: 23 November 2016 242
15 March 2009 at 01:08
Hi

Download Zeb-Restore

http://telechargement.zebulon.fr/zeb-restore.html

Save this file to the desktop.

- Right-click Zeb-Restore.zip ==> Extract All, and choose the desktop as the save location.
- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
- Check the box in front of: Reset the file you want; in your case that would be the desktop
- Do not check any other box
- Click Restore
- Restart your PC+++

>>>>Lop infection:

- Disable your antivirus.
- Download Lop S&D to your desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
- Double-click it to start the installation
- Right-click the Lop S&D shortcut on your desktop and choose "Run as administrator"
- Select the desired language, then choose option 1 (Search)
- Wait until the scan finishes
- Post the generated report
- Re-enable your antivirus

Tutorial to help you: http://www.malekal.com//tutorial_Lop_SD.php

Then do another HijackThis report.