Trojan-BNK.Win32.keylogger.gen


Marsh Posté on 20-06-2011 at 09:58:19

Hello,

I caught the virus: Trojan-BNK.Win32.keylogger.gen

I followed the solutions proposed on the forum but it does not work.

I ran a scan with ZHPDiag, Malwarebytes, Spybot... the virus is still there.

The infected PC no longer has Internet access,

the system cannot open rundll32 and it is impossible to run .exe files :((((

It's a Samsung XP netbook.

Help please


Marsh Posté on 20-06-2011 at 10:35:33

Here are the various reports:

ZHPDiag.txt    http://www.cijoint.fr/cjlink.php?f [...] ormvrX.txt

ZHPFixReport.txt    http://www.cijoint.fr/cjlink.php?f [...] I1IbvV.txt

ZHPFixReport1.txt   http://www.cijoint.fr/cjlink.php?f [...] oXyrCb.txt

Ad-Report-CLEAN[3].txt   http://www.cijoint.fr/cjlink.php?f [...] 7YbkKv.txt

I am rescanning with Malwarebytes, but since I have no Internet on the machine it is not up to date.

I will send it to you as soon as it finishes (there is a defective item).

What I find strange is that I no longer have an Internet connection, but maybe it is all linked, since the .exe files are impossible to open and rundll32.exe cannot be found even though it is on the system.


Marsh Posté on 20-06-2011 at 10:49:53

I am attaching the various Malwarebytes reports:
 
***************************
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Version de la base de données: 6705
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
20/06/2011 10:41:08
mbam-log-2011-06-20 (10-41-08).txt
 
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 215819
Temps écoulé: 1 heure(s), 5 minute(s), 2 seconde(s)
 
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
 
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
 
Valeur(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
 
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
 
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
 
Fichier(s) infecté(s):
c:\documents and settings\nadia nekhlaoui\local settings\application data\lgx.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
 
*******************************************
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Database version: 6705
 
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
 
19/06/2011 19:25:15
mbam-log-2011-06-19 (19-25-15).txt
 
Scan type: Quick scan
Objects scanned: 154874
Time elapsed: 3 minute(s), 26 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "" ) Good: (iexplore.exe) -> Quarantined and deleted successfully.
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
 
************************************
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Database version: 6894
 
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
 
19/06/2011 16:40:03
mbam-log-2011-06-19 (16-40-03).txt
 
Scan type: Full scan (C:\|D:\|)
Objects scanned: 220452
Time elapsed: 25 minute(s), 15 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
c:\system volume information\_restore{a21932bc-6dda-42a7-ace0-57b149ca8d0a}\RP357\A0094256.dll (Adware.Agent) -> Quarantined and deleted successfully.
 
***********************************************
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Database version: 6823
 
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
 
18/06/2011 12:31:48
mbam-log-2011-06-18 (12-31-48).txt
 
Scan type: Quick scan
Objects scanned: 157869
Time elapsed: 21 minute(s), 51 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" ) Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
 
*******************************
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Database version: 6894
 
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
 
19/06/2011 16:12:40
mbam-log-2011-06-19 (16-12-40).txt
 
Scan type: Quick scan
Objects scanned: 158700
Time elapsed: 6 minute(s), 43 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\YontooIEClient.Layers.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\YontooIEClient.Layers (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "" ) Good: (iexplore.exe) -> Quarantined and deleted successfully.
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
c:\program files\PageRage\yontooieclient.dll (Adware.Agent) -> Quarantined and deleted successfully.
 
**********************************
 
Thanks


Marsh Posté on 20-06-2011 at 16:57:15

Hi,

First, edit your last post and delete all the MBAM reports you published; the forum charter forbids posting reports directly on the forums.

Next, a question: do you have the XP installation CD? If so, I suggest you start by doing a repair of your system, which is damaged: a repair without formatting.

A tutorial to help you.

Once this repair is done, come back to me with a ZHPDiag report made in normal mode and not in safe mode.


Message edited by deleted profile on 20-06-2011 at 21:01:55