High-Tech Santé Médecine Droit-Finances

Réalisation

vidéo numérique

Rechercher : dans
Par :

Trojan rapport hijackthis

Dernière réponse le 3 fév 2008 à 16:51:33 lonijova, le 30 jan 2008 à 13:05:42 
 Signaler ce message aux modérateurs

Bonjour,
ça fait des jours que je suis la dessus, j'ai télécharger, msnfix, sdfix, et tout et tout, mais rien ni fait.
voici mon rapport hijackthis.
merci de bien vouloir m'aider.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:00, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Securitoo\av_fw\fswsclds.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
I:\PROGRA~1\MESSAG~1\StartMessager.exe
I:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\MSN Messenger\msnmsgr.exe
I:\Program Files\OpenOffice.org 2.2\program\soffice.exe
I:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
I:\Program Files\MSN Messenger\usnsvc.exe
I:\Program Files\RegCleaner\RegCleanr.exe
I:\Program Files\RegCleaner\RegCleanr.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe
I:\Documents and Settings\Jean-Michel\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] I:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [Microsoft Works Update Detection] I:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "I:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.2.lnk = I:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://I:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - I:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
End of file - 6270 bytes

Configuration: Windows XP
Firefox 2.0.0.11

Meilleures réponses pour « trojan rapport hijackthis » dans :
Comment analyser un rapport HijackThis VoirCet article est destiné aux utilisateurs désirant apprendre à mieux connaitre cet outil, encore à ce jour incontournable pour établir un premier diagnostic sur un PC infecté. Il n'a pas pour vocation d'être purement technique, mais vous propose...
Posez votre question Répondre

1

jlpjlp, le 30 jan 2008 à 13:08:20

Slt,
tu as f secure et antivir, soit deux antivirus, deux ensemble, cela fait planter les ordi...

________________

tu as le nom du troyen? le nom des fichiers inféctés? cela te fais quoi? des pubs?... explique bien
________________

AVG antispyware

http://www.01net.com/...

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-po­ur-votre-securite.html


->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici


______________________


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

   
Répondre à jlpjlp

2

lonijova, le 30 jan 2008 à 13:16:54

Salut et merci pour la réponse rapide.
déja je vais virer f secure.
ensuite concernant le problème, quand je suis sur msn, ça envoi à met contact un message avec un lien.
j'ai un dossier dans documents and settings: remuyzxd.exe que je ne peut effacer et apriori le problème vient de la.
sinon le scan avec antivir, ma sortie plusieur truc comme :
BDS/delf.dbu.1
TR/hijacker.gen
DR/delphi.gen!
HEUR/crypted.

voila, je vais commencer par faire ce que tu m'as envoyé.
merci

   
Répondre à lonijova

3

lonijova, le 30 jan 2008 à 13:19:12

Resalut. tes liens pour avg, sont mort.
et je ne trouve pas avg.
merci

   
Répondre à lonijova

4

lonijova, le 30 jan 2008 à 14:01:55

Voici le rapport d'antivir.

AntiVir PersonalEdition Classic
Report file date: mercredi 30 janvier 2008 03:32

Scanning for 1084249 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PAVILION

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:36:36
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 11:29:02
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 13:48:58
ANTIVIR3.VDF : 7.0.2.68 189440 Bytes 29/01/2008 14:23:06
AVEWIN32.DLL : 7.6.0.57 3215872 Bytes 28/01/2008 16:47:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 29/01/2008 14:23:10
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 13:29:28
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 30 janvier 2008 03:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'fswsclds.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Start scanning boot sectors:
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'I:\'
I:\hiberfil.sys
[WARNING] The file could not be opened!
I:\pagefile.sys
[WARNING] The file could not be opened!
I:\System Volume Information\_restore{F9C3C5F1-CD8B-4002-877C-01AEB4D42CB2}\R­P343\A0132768.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.dbu.1 Backdoor server programs
[INFO] The file was deleted!
I:\System Volume Information\_restore{F9C3C5F1-CD8B-4002-877C-01AEB4D42CB2}\R­P350\A0132895.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.dbu.1 Backdoor server programs
[INFO] The file was deleted!


End of the scan: mercredi 30 janvier 2008 11:37
Used time: 8:04:43 min

The scan has been done completely.

5660 Scanning directories
244731 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
244729 Files not concerned
1777 Archives were scanned
2 Warnings
0 Notes

   
Répondre à lonijova

5

lonijova, le 30 jan 2008 à 15:07:24

Help

   
Répondre à lonijova

6

lonijova, le 30 jan 2008 à 16:10:43

Voici le rapport avg anti-spyware.

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:07:23 30/01/2008

+ Résultat de l'analyse:



HKU\S-1-5-21-1229272821-1004336348-682003330-1004\Software\M­icrosoft\Windows\CurrentVersion\Ext\Stats\{5054F860-748D-484­0-B7B4-DDDB428421AF} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.11:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.13:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.14:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.15:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.10:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.


Fin du rapport

   
Répondre à lonijova

7

lonijova, le 30 jan 2008 à 16:47:24

Voici mon nouveau rapport antivir

AntiVir PersonalEdition Classic
Report file date: mercredi 30 janvier 2008 16:15

Scanning for 1084249 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PAVILION

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:36:36
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 11:29:02
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 13:48:58
ANTIVIR3.VDF : 7.0.2.68 189440 Bytes 29/01/2008 14:23:06
AVEWIN32.DLL : 7.6.0.57 3215872 Bytes 28/01/2008 16:47:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 29/01/2008 14:23:10
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 13:29:28
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 30 janvier 2008 16:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'fswsclds.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'I:\'
I:\hiberfil.sys
[WARNING] The file could not be opened!
I:\pagefile.sys
[WARNING] The file could not be opened!
I:\Program Files\MSNFix\remuyzxd.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.dbu.1 Backdoor server programs
[INFO] The file was moved to '480d98ae.qua'!
I:\System Volume Information\_restore{F9C3C5F1-CD8B-4002-877C-01AEB4D42CB2}\R­P353\A0133495.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.dbu.1 Backdoor server programs
[INFO] The file was moved to '47d19a5e.qua'!
I:\System Volume Information\_restore{F9C3C5F1-CD8B-4002-877C-01AEB4D42CB2}\R­P353\A0133533.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.dbu.1 Backdoor server programs
[INFO] The file was moved to '47d19a65.qua'!
I:\System Volume Information\_restore{F9C3C5F1-CD8B-4002-877C-01AEB4D42CB2}\R­P353\A0133542.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.dbu.1 Backdoor server programs
[INFO] The file was moved to '47d19a67.qua'!


End of the scan: mercredi 30 janvier 2008 16:44
Used time: 28:38 min

The scan has been done completely.

5497 Scanning directories
245089 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
245085 Files not concerned
1778 Archives were scanned
2 Warnings
0 Notes

   
Répondre à lonijova

8

jlpjlp, le 31 jan 2008 à 10:47:21

Le virus est dans msnfix!

tu vas dans poste de travail puis I puis Program Files\MSNFix et tu vire tout ce qui est dedans


I:\Program Files\MSNFix\remuyzxd.exe

____________________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

____________________

pour les autres virus trouvés par antivir ils sont dans ta restauration:

désactive la restauration système pour purger les virus qui seraient dedans

puis redemarre ton ordi
puis réactive là
(dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

_____________________
vire ce qui est en quarantaine dans antivir

_______________________

recolle un rapport antivir et dis tes soucis

a plus

   
Répondre à jlpjlp

9

lonijova, le 31 jan 2008 à 14:29:15

Salut jlpjlp, et merci infiniment de prendre de ton temps pour t'occuper de mon problème.

j'ai fait tout ce que tu as dit.
le problème c'est combo fix.
il m'ouvre un écran bleu avec un tiret qui clignote j'ai laissé comme ça une bonne heure pensant qu'il scannait, mais rien.
est ce normal, faut il que je le laisse plus longtemps?

sinon, j'ai viré msnfix, avec tout, ja'i enlever la restauration, et supprimé les éléments en quarantaine dans antivir.

j'ai refait un scan d'antivir, le voici. merci

AntiVir PersonalEdition Classic
Report file date: jeudi 31 janvier 2008 14:02

Scanning for 1086273 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PAVILION

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:16:11
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 12:16:11
ANTIVIR3.VDF : 7.0.2.75 217088 Bytes 31/01/2008 12:16:11
AVEWIN32.DLL : 7.6.0.59 3232256 Bytes 31/01/2008 12:16:11
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 31/01/2008 12:16:11
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 31 janvier 2008 14:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Start scanning boot sectors:
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).


Starting the file scan:

Begin scan in 'I:\'
I:\hiberfil.sys
[WARNING] The file could not be opened!
I:\pagefile.sys
[WARNING] The file could not be opened!
I:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YZS7M1CZ\xlyzqqevi[1].htm
[WARNING] 'Is the Trojan horse TR/Small.Crypted.Gen'. This detection is probably an error. Please send us this file immediately for further analysis.


End of the scan: jeudi 31 janvier 2008 14:23
Used time: 21:08 min

The scan has been done completely.

5219 Scanning directories
229506 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
229506 Files not concerned
1759 Archives were scanned
3 Warnings
0 Notes

   
Répondre à lonijova

10

lonijova, le 31 jan 2008 à 15:02:38

J'ai refait une analyse avec avg, je te la donne:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:07:23 30/01/2008

+ Résultat de l'analyse:



HKU\S-1-5-21-1229272821-1004336348-682003330-1004\Software\M­icrosoft\Windows\CurrentVersion\Ext\Stats\{5054F860-748D-484­0-B7B4-DDDB428421AF} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.11:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.13:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.14:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.15:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.10:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:I:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\5kqe8a44.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.


Fin du rapport

   
Répondre à lonijova

11

lonijova, le 31 jan 2008 à 16:16:39

J'ai réussi a faire combo fix; voici le rapport.merci


ComboFix 08-01-30.1 - Jean-Michel 2008-01-31 16:11:50.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.193 [GMT 1:00]
Endroit: I:\Documents and Settings\Jean-Michel\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
.

2008-01-31 13:11 . 2008-01-31 13:11 <REP> d-------- I:\Program Files\Avira
2008-01-31 13:02 . 2008-01-31 13:02 244 --ah----- I:\sqmnoopt02.sqm
2008-01-31 13:02 . 2008-01-31 13:02 232 --ah----- I:\sqmdata02.sqm
2008-01-31 03:31 . 2008-01-31 03:31 244 --ah----- I:\sqmnoopt01.sqm
2008-01-31 03:31 . 2008-01-31 03:31 232 --ah----- I:\sqmdata01.sqm
2008-01-31 03:17 . 2008-01-31 03:17 244 --ah----- I:\sqmnoopt00.sqm
2008-01-31 03:17 . 2008-01-31 03:17 232 --ah----- I:\sqmdata00.sqm
2008-01-31 02:12 . 2008-01-31 03:08 250 --a------ I:\WINDOWS\gmer.ini
2008-01-31 01:23 . 2008-01-31 01:23 161 --a------ I:\Delme.bat
2008-01-31 01:15 . 2008-01-31 01:15 <REP> d-------- I:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-01-30 17:47 . 2008-01-30 17:47 <REP> d-------- I:\Documents and Settings\Jean-Michel\Application Data\Live-Prod
2008-01-30 15:29 . 2008-01-30 15:29 <REP> d-------- I:\Documents and Settings\Jean-Michel\Application Data\Grisoft
2008-01-30 15:29 . 2007-05-30 13:10 10,872 --a------ I:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 03:39 . 2008-01-30 17:18 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-30 03:30 . 2007-09-05 23:22 289,144 --a------ I:\WINDOWS\system32\VCCLSID.exe
2008-01-30 03:30 . 2006-04-27 16:49 288,417 --a------ I:\WINDOWS\system32\SrchSTS.exe
2008-01-30 03:30 . 2008-01-27 14:37 81,920 --a------ I:\WINDOWS\system32\IEDFix.exe
2008-01-30 03:30 . 2004-07-31 17:50 51,200 --a------ I:\WINDOWS\system32\dumphive.exe
2008-01-30 03:30 . 2007-10-03 23:36 25,600 --a------ I:\WINDOWS\system32\WS2Fix.exe
2008-01-30 03:30 . 2008-01-30 03:30 1,834 --a------ I:\WINDOWS\system32\tmp.reg
2008-01-30 02:58 . 2008-01-30 02:58 <REP> d-------- I:\Rustbfix
2008-01-30 02:33 . 2008-01-30 02:33 <REP> d-------- I:\VundoFix Backups
2008-01-30 02:08 . 2008-01-30 13:23 2,374 --a------ I:\WINDOWS\mozver.dat
2008-01-30 02:06 . 2008-01-30 02:06 0 --a------ I:\WINDOWS\nsreg.dat
2008-01-30 01:56 . 2008-01-30 01:56 59,640 --a------ I:\Documents and Settings\Jean-Michel\Application Data\GDIPFONTCACHEV1.DAT
2008-01-30 00:47 . 2008-01-30 00:47 <REP> d-------- I:\Program Files\Tiscali Triway Wi-Fi
2008-01-30 00:44 . 2008-01-30 00:44 <REP> d-------- I:\WINDOWS\Tiscali
2008-01-30 00:44 . 2008-01-30 00:44 <REP> d-------- I:\Program Files\Tiscali_Triway_WiFi
2008-01-29 23:43 . 2008-01-29 23:43 <REP> d-------- I:\Documents and Settings\Jean-Michel\Application Data\GlarySoft
2008-01-29 23:34 . 2008-01-31 13:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Avira
2008-01-29 22:14 . 2008-01-29 22:14 <REP> d-------- I:\Documents and Settings\LocalService\Bureau
2008-01-29 21:51 . 2008-01-29 21:51 <REP> d-------- I:\Documents and Settings\Jean-Michel\Application Data\AVG7
2008-01-29 21:50 . 2008-01-29 21:50 <REP> d-------- I:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-29 21:50 . 2008-01-30 15:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-29 21:14 . 2008-01-29 21:14 <REP> d-------- I:\WINDOWS\ERUNT
2008-01-29 20:14 . 1997-03-05 08:53 48,128 --a------ I:\WINDOWS\system32\SMMSCRPT.DLL
2008-01-29 20:05 . 2004-08-19 16:09 21,504 --a------ I:\WINDOWS\system32\hidserv.dll
2008-01-29 20:05 . 2004-08-19 16:09 21,504 --a--c--- I:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-29 20:05 . 2001-08-23 17:04 12,288 --a------ I:\WINDOWS\system32\drivers\mouhid.sys
2008-01-29 20:05 . 2001-08-23 17:04 12,288 --a--c--- I:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-29 20:05 . 2001-08-17 22:02 9,600 --a------ I:\WINDOWS\system32\drivers\hidusb.sys
2008-01-29 20:05 . 2001-08-17 22:02 9,600 --a--c--- I:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-24 20:21 . 2007-06-13 14:22 1,075,713 --a------ I:\WINDOWS\gilcqfo.exe
2008-01-18 11:21 . 2008-01-27 14:19 <REP> d-------- I:\Program Files\IncrediMail
2008-01-13 16:47 . 2008-01-20 14:31 150 --a------ I:\Documents and Settings\MATHIS\Application Data\wklnhst.dat
2007-12-30 17:48 . 2007-12-30 17:48 284 --a------ I:\Documents and Settings\MANON\Application Data\ViewerApp.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 15:10 --------- d-----w I:\Documents and Settings\Jean-Michel\Application Data\OpenOffice.org2
2008-01-31 00:37 --------- d-----w I:\Program Files\RegCleaner
2008-01-31 00:25 --------- d-----w I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 00:15 --------- d-----w I:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-30 23:06 --------- d-----w I:\Program Files\Alwil Software
2008-01-30 01:32 2,666 ----a-w I:\Documents and Settings\Jean-Michel\Application Data\wklnhst.dat
2008-01-29 23:47 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-01-29 22:42 --------- d-----w I:\Program Files\Wanadoo
2008-01-29 19:54 67,904 ----a-w I:\Documents and Settings\Jean-Michel\Application Data\mdbu.bin
2008-01-23 16:50 --------- d-----w I:\Program Files\Microsoft Picture It! 9
2008-01-09 16:35 --------- d-----w I:\Program Files\eMule
2008-01-02 10:33 560 ----a-w I:\Documents and Settings\Jean-Michel\Application Data\ViewerApp.dat
2007-11-30 22:32 --------- d-----w I:\Program Files\Windows Live Toolbar
2007-11-19 09:57 254 ----a-w I:\Documents and Settings\MANON\Application Data\wklnhst.dat
2007-11-07 09:28 728,576 ----a-w I:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w I:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w I:\WINDOWS\system32\wmasf.dll
2007-10-10 23:49 824,832 ----a-w I:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"ccleaner"="I:\Program Files\CCleaner\ccleaner.exe" [2007-07-13 10:10 598656]
"msnmsgr"="I:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
"MessagerStarter Wanadoo"="I:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-11 16:06 32768]
"Microsoft Works Update Detection"="I:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49 50688]
"!AVG Anti-Spyware"="I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-31 13:16 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="I:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

I:\Documents and Settings\Jean-Michel\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.2.lnk - I:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]

I:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WooCnxMon"=I:\PROGRA~1\Wanadoo\CnxMon.exe
"WOOWATCH"=I:\PROGRA~1\Wanadoo\Watch.exe
"WOOTASKBARICON"=I:\PROGRA~1\Wanadoo\TaskbarIcon.exe
"TkBellExe"="I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot


.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-31 15:12:01 I:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- I:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 16:14:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-31 16:14:34
ComboFix-quarantined-files.txt 2008-01-31 15:14:32
ComboFix2.txt 2008-01-30 01:02:04
ComboFix3.txt 2008-01-30 00:55:33
.
2008-01-09 16:15:47 --- E O F ---

   
Répondre à lonijova

12

lonijova, le 31 jan 2008 à 16:41:54

Re.

donc voici le nouveau rapport d'antivir après toute les opérations.
il me trouve encore 3 warning, mais plus de virus.
que faut il que je fasse maintenant.
merci


AntiVir PersonalEdition Classic
Report file date: jeudi 31 janvier 2008 16:17

Scanning for 1086273 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PAVILION

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:16:11
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 12:16:11
ANTIVIR3.VDF : 7.0.2.75 217088 Bytes 31/01/2008 12:16:11
AVEWIN32.DLL : 7.6.0.59 3232256 Bytes 31/01/2008 12:16:11
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 31/01/2008 12:16:11
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 31 janvier 2008 16:17

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).


Starting the file scan:

Begin scan in 'I:\'
I:\hiberfil.sys
[WARNING] The file could not be opened!
I:\pagefile.sys
[WARNING] The file could not be opened!
I:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YZS7M1CZ\xlyzqqevi[1].htm
[WARNING] 'Is the Trojan horse TR/Small.Crypted.Gen'. This detection is probably an error. Please send us this file immediately for further analysis.


End of the scan: jeudi 31 janvier 2008 16:39
Used time: 21:20 min

The scan has been done completely.

5210 Scanning directories
229489 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
229489 Files not concerned
1759 Archives were scanned
3 Warnings
0 Notes

   
Répondre à lonijova

13

lonijova, le 31 jan 2008 à 20:13:42

Bon antivir, me détecte encore un truc au démarrage de l'ordi.
donc il doit rester des résidus,pas bien bon pour la machine.
merci de votre aide.

   
Répondre à lonijova

14

jlpjlp, le 31 jan 2008 à 22:10:46

Utilise pour supprimer tes traces (vire bien les ficheirs temporaires)

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

http://www.01net.com/...
-----------------------

quel fichier est infécté au demarrage?
________________

Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

 Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
 Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
 Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
http://kerio.probb.fr/Clean-h15.htm

________________

recolle ensuite un rapport antivir et hijakchits

   
Répondre à jlpjlp

15

lonijova, le 31 jan 2008 à 23:28:10

Ok je fais tout ça.
mais je venais juste de nettoyer avec ccleaner et j'ai pas enregistré le rapport.
bon je refait un nettoyage voir si il me trouve quelque chose, et je fait clean zip en mode sans echec.

merci infiniment.

   
Répondre à lonijova

16

lonijova, le 31 jan 2008 à 23:53:29

Alors.
pour répondre à la question quel fichier est infecté au démarrage:
à chaque ouverture de ma session, antivir me donne ce message:
contains a detection pattern of the (dangerous) backdoor program BDS/Delf.dbu.1backdoor server programs.
et il trouve cela dans document and settins/.../remuyzxd.exe

ensuite, pas moyen d'avoir un rapport avec ccleaner.
et enfin, lorsque je lance cleanzip (clean.cmd), un écran noir s'ouvre, j'appuie sur 1 pour rechercher, la recherche débute et dans les 5 secondes qui suivent, la page disparait (l'écran noir) et y'a plus rien. j'ai refait la manip 3 fois et c'est toujours la meme chose.
que dois je faire?

merci

   
Répondre à lonijova

17

lonijova, le 1 fév 2008 à 00:40:38

Alors j'ai fait un scan online avec bitdefender.
et il m'a trouvé un virus:
Dropped: Trojan.agent.AGPQ
dans:
I: Windows\explorer.exe

voila les dernières news.
merci

   
Répondre à lonijova

18

jlpjlp, le 1 fév 2008 à 12:56:19

Et il trouve cela dans document and settins/.../remuyzxd.exe : PEUT TU ME DONNER LE NOM EXACT SVP du fichier


pour bitdefender c'est le nom exact du fichier infécté?
I: Windows\explorer.exe

____________________

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_________________


smit fraud fix
http://siri.urz.free.fr/Fix/SmitfraudFix.php


double clique sur smitfraudfix. puis selectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redemarre en mode sans echec (en appuyant sur F8 ou suppr, ou F5 au demarrage en général)

3/ puis refaire comme en 2/ mais selectionne l'option 2 et appuyer sur entrée pour commencer la desinfection. lorsque le programme demande si tu veut nettoyer le registre metsoui en tapant 0 et entrée

_______________



Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

   
Répondre à jlpjlp

19

lonijova, le 1 fév 2008 à 14:13:51

Oui il trouve cela dans document and settings/ jean michel/remuyzdx.exe
ce fichier y fût bien un temps, mais il n'y est plus maintenant, pourtant antivir me met toujours ce message d'alerte en le détectant toujours à cet endroit.

en revanche bitdefender, lui me trouve un trojan dans mon disque dur: I: windows\explorer.exe

j'ai commencé la manip, voici déja le rapport de sdfix

SDFix: Version 1.135

Run by Jean-Michel on 01/02/2008 at 14:00

Microsoft Windows XP [version 5.1.2600]

Running From: I:\DOCUME~1\JEAN-M~1\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:




Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 14:06:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"I:\\Documents and Settings\\Jean-Michel\\remuyzxd.exe"="I:\\Documents and Settings\\Jean-Michel\\remuyzxd.exe:*:Enabled:Flash Player2"
"I:\\Program Files\\MSN Messenger\\msnmsgr.exe"="I:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 12 Jun 2007 4,348 ..SH. --- I:\DOCUME~1\ALLUSE~1\DRM\DRMV1.BAK
Sat 1 Sep 2007 401 ..SH. --- I:\DOCUME~1\ALLUSE~1\DRM\DRMV13.BAK

Finished!

   
Répondre à lonijova
30 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide