Desktop Security 2010
Good evening everyone,
I was infected by this piece of junk last night, and since then I have been spending hours on my computer trying to eradicate it.
What I have already done:
- Read replies on forums to people who have already had this thing.
- Downloaded rkill.scr and ran it to stop the offending process, then deleted everything manually, but it comes back at the next startup.
- Downloaded and updated Malwarebytes, ran a full scan and deleted everything, but it reappears at the next reboot! I should point out that Malwarebytes would not launch and that, following a tip from the net, I renamed it zal.exe and then it launched.
[EDIT] I should point out that at the end of the Malwarebytes removal it tells me that some items were not deleted.
I am posting my HijackThis report as well as the latest Malwarebytes scan.
I really hope someone will be able to help me.
By the way: why does McAfee, which I pay plenty for, not even see it????
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:04, on 09/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\quicktime\qtsystem\quicktimeinternetextras.resources\es.lproj\quicktimequicktimeresources.exe
C:\program files\quicktime\qtsystem\quicktimecapture.resources\sv.lproj\quicktimeresourcesquicktime.exe
C:\program files\quicktime\qtsystem\quicktimestreamingauthoring.resources\it.lproj\quicktimeresourcesquicktimeresources7.6.6.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Neuf\Kit\9props.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\docume~1\benjamin\locals~1\temp\hppt.exe
C:\WINDOWS\explorer.exe
c:\docume~1\benjamin\locals~1\temp\athh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Documents and Settings\benjamin\Mes documents\install\HiJackThis.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 3194 bytes
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Version de la base de données: 4083
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
09/05/2010 19:18:57
mbam-log-2010-05-09 (19-18-57).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 209946
Temps écoulé: 32 minute(s), 23 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 16
Processus mémoire infecté(s):
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nnomkidrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tusppmdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvtstrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvtstrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dddabysys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qoppmnsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qoppmnsys (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Local Settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Local Settings\Temp\test.exe (Trojan.Agent) -> Delete on reboot.