Virus Connect To

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
5 October 2007 19:55:13

Here is the MSNFix report:

Quote:
MSNFix 1.537

C:\Documents and Settings\Violaine\Bureau\MSNFix
Fix exécuté le 05/10/2007 - 19:21:37,17 By Violaine
mode normal

************************ Recherche les fichiers présents

... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\DOCUME~1\Violaine\LOCALS~1\Temp\*.dmp
... C:\Documents and Settings\Violaine\auto.txt
... C:\WINDOWS\system32\direct3dx.dll
... C:\WINDOWS\system32\directxd.exe
... C:\WINDOWS\system32\libinets.dll
... C:\WINDOWS\system32\libweb.dll
... C:\WINDOWS\system32\winIogon.exe

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
.. OK ... C:\DOCUME~1\Violaine\LOCALS~1\Temp\*.dmp
.. OK ... C:\Documents and Settings\Violaine\auto.txt
/!\ ... C:\WINDOWS\system32\direct3dx.dll
.. OK ... C:\WINDOWS\system32\directxd.exe
/!\ ... C:\WINDOWS\system32\libinets.dll
/!\ ... C:\WINDOWS\system32\libweb.dll
.. OK ... C:\WINDOWS\system32\winIogon.exe


************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\Temp\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\direct3dx.dll
.. OK ... C:\WINDOWS\system32\libinets.dll
.. OK ... C:\WINDOWS\system32\libweb.dll



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\msys.exe] B63225CC84632517FFD0C09966A71D21

==> SVP merci d'envoyer le fichier C:\DOCUME~1\Violaine\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05102007_19434903.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


Quote:
And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:24, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllcache\googlee.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\systs.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\lecompagnonclub.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\RunServices: [Microsoft] hewjgi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Violaine\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/Sys...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\googlee.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8062 bytes


What should I do next to get rid of this thing?
Thanks in advance for the help :)
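As an added example (not code from this thread, nor from HijackThis, MSNFix or any other tool mentioned here), the following Python script applies the kind of triage a forum helper does by eye to a few lines copied from the HijackThis and MSNFix reports above: an autorun entry that names a bare file with no path, a service with no company name running from dllcache, and a file whose name imitates winlogon.exe with a capital I in place of a lowercase l. The sample lines, the list of system binaries, the homoglyph table and the flagging rules are constructed for illustration; a legitimate msnmsgr and avast entry are included to show what is not flagged.

```python
import re

# Constructed sample: lines copied from the HijackThis and MSNFix reports
# quoted in this thread, plus two legitimate entries for contrast.
SAMPLE_REPORT = r"""
O4 - HKLM\..\RunServices: [Microsoft] hewjgi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\googlee.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
... C:\WINDOWS\system32\winIogon.exe
... C:\WINDOWS\system32\directxd.exe
"""

# Core Windows XP binaries that malware likes to imitate by name
# (an illustrative subset, not an exhaustive list).
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "explorer.exe", "spoolsv.exe", "alg.exe",
}

# Characters that look alike in common UI fonts: capital I vs lowercase l,
# digit 0 vs letter o, digit 1 vs lowercase l (heuristic table).
HOMOGLYPHS = str.maketrans({"I": "l", "0": "o", "1": "l"})

# HijackThis line shapes handled here (other O-sections are ignored).
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.+)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+')


def homoglyph_of(filename):
    """Return the system binary name that `filename` imitates, or None."""
    if filename.lower() in KNOWN_SYSTEM_BINARIES:
        return None  # genuine spelling, nothing to report
    normalised = filename.translate(HOMOGLYPHS).lower()
    return normalised if normalised in KNOWN_SYSTEM_BINARIES else None


def triage_line(line):
    """Return the reasons this report line deserves a closer look (empty if none)."""
    reasons = []
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        if "\\" not in m.group("cmd"):
            reasons.append("autorun entry names a bare file with no path; Windows resolves it via the search path")
        if m.group("key").lower() == "runservices":
            reasons.append("RunServices is a legacy (Windows 9x) key that modern software rarely uses")
    m = O23_RE.match(line)
    if m:
        if m.group("owner") == "Unknown owner":
            reasons.append("service binary carries no company name in its version resource")
        if "\\dllcache\\" in m.group("path").lower():
            reasons.append("service runs from dllcache, which only holds Windows File Protection copies")
    # Homoglyph check on every Windows path found in the line (any report format).
    for path in PATH_RE.findall(line):
        filename = path.rsplit("\\", 1)[-1]
        target = homoglyph_of(filename)
        if target:
            reasons.append(f"{filename} imitates the system binary {target} with look-alike characters")
    return reasons


def triage(report):
    """Map every flagged line of a report to the list of reasons it was flagged."""
    findings = {}
    for line in report.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_REPORT).items():
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

The rules deliberately stay conservative: a flag means "ask for a second opinion on this entry", which is exactly what the helpers in this thread do before telling the poster to delete anything, and the quarantine-and-upload step in the MSNFix report is the right way to get that opinion.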


5 October 2007 20:29:48

Hello ^^

All good, I've uploaded it :)
5 October 2007 21:01:43

Delete this file:
C:\msys.exe
5 October 2007 21:25:15

There, it's done
5 October 2007 23:05:54

Thanks for the antivirus and the comparison, I didn't think Avast was that bad...

Here is the report after the scan:
Quote:

AntiVir PersonalEdition Classic
Report file date: vendredi 5 octobre 2007 22:07

Scanning for 866705 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PINOU

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:05:26
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 20:05:27
ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28/09/2007 20:05:27
ANTIVIR3.VDF : 7.0.0.56 124416 Bytes 05/10/2007 20:05:27
AVEWIN32.DLL : 7.6.0.20 2753024 Bytes 05/10/2007 20:05:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 5 octobre 2007 22:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'winamp.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'MOTIVE~1.EXE' - '1' Module(s) have been scanned
Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
Scan process 'qmmkaplm.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System32\qmmkaplm.exe'
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'lecompagnonclub.exe' - '1' Module(s) have been scanned
Scan process 'lanceur.exe' - '1' Module(s) have been scanned
Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
Scan process 'NkvMon.exe' - '1' Module(s) have been scanned
Scan process 'KEM.exe' - '1' Module(s) have been scanned
Scan process 'symwsc.exe' - '1' Module(s) have been scanned
Scan process 'systs.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\systs.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'googlee.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\dllcache\googlee.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CCPROXY.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'CCEVTMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SNDSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CCSETMGR.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'qmmkaplm.exe' has been terminated
Process 'systs.exe' has been terminated
Process 'googlee.exe' has been terminated
C:\WINDOWS\System32\qmmkaplm.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '477399ff.qua'!
C:\WINDOWS\system32\systs.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.66823.78
[INFO] The file was moved to '47799a0e.qua'!
C:\WINDOWS\system32\dllcache\googlee.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.147456
[INFO] The file was moved to '47759a07.qua'!

45 processes with 42 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\lanmanwrk.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '477499ff.qua'!
C:\WINDOWS\system32\lanmanwrk.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen

The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\msys.exe
[0] Archive type: RAR SFX (self extracting)
--> bku.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Henky.Tanzen
[INFO] The file was moved to '477f9a15.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\a[1].ani
[DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
[INFO] The file was moved to '47379aef.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\exp1[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
[INFO] The file was moved to '47769b17.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4L2ZOXMR\detected[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Silly.Gen
[INFO] The file was moved to '477a9b07.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDER8563\allo[1].exe
[0] Archive type: RAR SFX (self extracting)
--> bku.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Henky.Tanzen
[INFO] The file was moved to '47729b11.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDER8563\autodetect[1].htm
[DETECTION] Is the Trojan horse TR/Dldr.Psyme.LS
[INFO] The file was moved to '477a9b1f.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLYJG5QF\324123[1].htm
[DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
[INFO] The file was moved to '473a9ae1.qua'!
C:\Documents and Settings\Violaine\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/Violaine/Bureau/Upload_Me/directxd.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.arf.16
--> DOCUME~1/Violaine/Bureau/Upload_Me/msys.exe
[1] Archive type: RAR SFX (self extracting)
--> bku.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Henky.Tanzen
--> DOCUME~1/Violaine/Bureau/Upload_Me/winIogon.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.H
[INFO] The file was moved to '47729b8b.qua'!
C:\Documents and Settings\Violaine\Bureau\MSNFix\05102007_19434903.zip
[0] Archive type: ZIP
--> backup/carlton
[DETECTION] Is the Trojan horse TR/Dialer.US.2
--> backup/direct3dx.dll
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.25000.1
--> backup/directxd.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.arf.16
--> backup/libinets.dll
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.25900.4
--> backup/libweb.dll
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.25900.4
--> backup/winIogon.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.H
[INFO] The file was moved to '47379b51.qua'!
C:\Documents and Settings\Violaine\Local Settings\Temp\temp.fr3EA1
[DETECTION] Contains detection pattern of the worm WORM/VanBot.H
[INFO] The file was moved to '47739c2c.qua'!
C:\Documents and Settings\Violaine\Local Settings\Temporary Internet Files\Content.IE5\SAP7YUIS\CAZKYMOM
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47609c20.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP553\A0131480.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.H
[INFO] The file was moved to '4737a326.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP559\A0132499.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.26112.5
[INFO] The file was moved to '4737a328.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP562\A0134529.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Henky.Tanzen
[INFO] The file was moved to '4737a329.qua'!
C:\WINDOWS\hdrive\bku.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Henky.Tanzen
[INFO] The file was moved to '477ba415.qua'!
C:\WINDOWS\system32\bpjz.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4770a618.qua'!
C:\WINDOWS\system32\ehxdx.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '477ea618.qua'!
C:\WINDOWS\system32\gpozk.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4775a622.qua'!
C:\WINDOWS\system32\hfdzorg.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '476aa618.qua'!
C:\WINDOWS\system32\kvqzgp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4777a62e.qua'!
C:\WINDOWS\system32\lanmandrv.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.GK
[INFO] The file was moved to '4774a61a.qua'!
C:\WINDOWS\system32\oeplhwo.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4776a629.qua'!
C:\WINDOWS\system32\oveill.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '476ba63b.qua'!
C:\WINDOWS\system32\pbdga.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '476aa627.qua'!
C:\WINDOWS\system32\psgu.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '476da63a.qua'!
C:\WINDOWS\system32\tqncrclr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4774a640.qua'!
C:\WINDOWS\system32\ulkmqt.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4771a63b.qua'!
C:\WINDOWS\system32\vturs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\vymgzwu.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4773a669.qua'!
C:\WINDOWS\system32\wyfw.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '476ca66e.qua'!
C:\WINDOWS\system32\xacntpzy.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4769a656.qua'!
C:\WINDOWS\system32\xalaxe.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4772a656.qua'!
C:\WINDOWS\system32\xzigu.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '476fa670.qua'!
C:\WINDOWS\system32\ymoruvc.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.dta
[INFO] The file was moved to '4775a663.qua'!
C:\WINDOWS\system32\drivers\ip6fw.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '473ca6bf.qua'!


End of the scan: vendredi 5 octobre 2007 23:02
Used time: 55:09 min

The scan has been done completely.

8770 Scanning directories
323591 Files were scanned
47 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
38 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
323544 Files not concerned
7437 Archives were scanned
3 Warnings
0 Notes

6 October 2007 12:01:27

Re,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Launch the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 1 then confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents to us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste in your reply


NOTE: The report can also be found here: C:\fixnavi.txt
6 October 2007 16:19:52

Hi,

Um... Right now I can't do anything any more, a password prompt to open the session appeared between yesterday when I shut the PC down and today when I turned it back on, even though I never set a password... so it's impossible to start Windows -_-
6 October 2007 16:21:19

Can't help you there :/
10 October 2007 21:16:25

Plop,

Well, I'm still stuck with this password, so I'm going to try to install Linux, I don't really know how, that way I'll have gotten rid of the main virus on the PC :D

Thanks anyway for the help ;)
10 October 2007 21:30:15

Ok :/ 
11 November 2007 19:48:16

Angeldark said:
Ok :/ 

Search Navipromo version 3.3.5 commencé le 11/11/2007 à 19:35:22,65

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 08.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\MessengerSkinner trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\sebastien\Application Data ***

...\Application Data\MessengerSkinner trouvé !

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\SEBAST~1\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\SEBAST~1\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :


C:\DOCUME~1\SEBAST~1\LOCALS~1\APPLIC~1\asngztnacu.dat trouvé !
C:\DOCUME~1\SEBAST~1\LOCALS~1\APPLIC~1\asngztnacu_nav.dat trouvé !

3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse terminée le 11/11/2007 à 19:35:58,87 ***