Bonjour je suis sur windows xp et j'ai attrapé le virus "your system is infected! system has been...."
Je voulais savoir si quelqu'un pouvait m'aider et me guider pour la désinfection. D'avance merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:11, on 23/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Mesdocs\Téléchargements\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5244] command.com /c del "C:\WINDOWS\system32\winlogon32.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7269] cmd.exe /c del "C:\WINDOWS\system32\winlogon32.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4095] command.com /c del "C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\siszpe32.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7733] cmd.exe /c del "C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\siszpe32.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszpe32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.cyber-deployment.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.cyber-deployment.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEBCA9CC-E381-4C15-ADBD-2B924C4FF28D}: NameServer = 80.10.246.2,192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
--
End of file - 6990 bytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4340
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
23/07/2010 12:15:36
mbam-log-2010-07-23 (12-15-36).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 146928
Temps écoulé: 17 minute(s), 55 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga4095 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc7733 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\WINDOWS\system32\drivers\bxgrr.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\siszpe32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ES15.exe (Rogue.SecurityEsssentials) -> No action taken.
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> No action taken.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4340
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
23/07/2010 14:35:06
mbam-log-2010-07-23 (14-35-06).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 146762
Temps écoulé: 14 minute(s), 25 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : BIOS Date: 06/16/08 11:02:10 Ver: 5.25
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100722-1] 4.8.1368 (Not Activated)
C:\ (Local Disk) - NTFS - Total:34 Go (Free:17 Go)
D:\ (Local Disk) - NTFS - Total:198 Go (Free:195 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 23/07/2010|14:41 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-03414D9F.pf
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128\temp\ws-14810.log
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 23/07/2010|14:42 - Option : [1]
-----------\\ Fin du rapport a 14:42:11,68
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : BIOS Date: 06/16/08 11:02:10 Ver: 5.25
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100722-1] 4.8.1368 (Not Activated)
C:\ (Local Disk) - NTFS - Total:34 Go (Free:17 Go)
D:\ (Local Disk) - NTFS - Total:198 Go (Free:195 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 23/07/2010|15:09 )
-----------\\ SUPPRESSION
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-03414D9F.pf
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 23/07/2010|14:42 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 23/07/2010|15:09 - Option : [2]
-----------\\ Fin du rapport a 15:09:46,59
:Files
c:\windows\system32\helpers32.dll
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 4 invités
.: Nous contacter :: Flux RSS :: Données personnelles :. |