Trojan-BNK.Win32.keylogger.gen - Virus/Spywares - Windows & Software
Marsh Posté on 20-06-2011 at 10:35:33
Here are the various reports:
 
 
 ZHPDiag.txt    http://www.cijoint.fr/cjlink.php?f [...] ormvrX.txt 
 
ZHPFixReport.txt    http://www.cijoint.fr/cjlink.php?f [...] I1IbvV.txt 
 
ZHPFixReport1.txt   http://www.cijoint.fr/cjlink.php?f [...] oXyrCb.txt 
 
Ad-Report-CLEAN[3].txt   http://www.cijoint.fr/cjlink.php?f [...] 7YbkKv.txt 
 
I am rescanning with Malwarebytes, but since I have no internet on the machine, it is not up to date.

I will send it to you as soon as it finishes (there is one defective item).

What I find strange is that I no longer have an internet connection, but maybe it is all related, since the .exe files cannot be opened and rundll32.exe cannot be found even though it is on the system.
Marsh Posté on 20-06-2011 at 10:49:53
I am attaching the various Malwarebytes reports:
 
*************************** 
 
Malwarebytes' Anti-Malware 1.51.0.1200 
www.malwarebytes.org 
 
Version de la base de données: 6705 
 
Windows 5.1.2600 Service Pack 3 
Internet Explorer 8.0.6001.18702 
 
20/06/2011 10:41:08 
mbam-log-2011-06-20 (10-41-08).txt 
 
Type d'examen: Examen complet (C:\|D:\|) 
Elément(s) analysé(s): 215819 
Temps écoulé: 1 heure(s), 5 minute(s), 2 seconde(s) 
 
Processus mémoire infecté(s): 0 
Module(s) mémoire infecté(s): 0 
Clé(s) du Registre infectée(s): 0 
Valeur(s) du Registre infectée(s): 1 
Elément(s) de données du Registre infecté(s): 1 
Dossier(s) infecté(s): 0 
Fichier(s) infecté(s): 1 
 
Processus mémoire infecté(s): 
(Aucun élément nuisible détecté) 
 
Module(s) mémoire infecté(s): 
(Aucun élément nuisible détecté) 
 
Clé(s) du Registre infectée(s): 
(Aucun élément nuisible détecté) 
 
Valeur(s) du Registre infectée(s): 
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. 
 
Elément(s) de données du Registre infecté(s): 
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully. 
 
Dossier(s) infecté(s): 
(Aucun élément nuisible détecté) 
 
Fichier(s) infecté(s): 
c:\documents and settings\nadia nekhlaoui\local settings\application data\lgx.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully. 
 
******************************************* 
 
Malwarebytes' Anti-Malware 1.51.0.1200 
www.malwarebytes.org 
 
Database version: 6705 
 
Windows 5.1.2600 Service Pack 3 (Safe Mode) 
Internet Explorer 8.0.6001.18702 
 
19/06/2011 19:25:15 
mbam-log-2011-06-19 (19-25-15).txt 
 
Scan type: Quick scan 
Objects scanned: 154874 
Time elapsed: 3 minute(s), 26 second(s) 
 
Memory Processes Infected: 0 
Memory Modules Infected: 0 
Registry Keys Infected: 0 
Registry Values Infected: 0 
Registry Data Items Infected: 1 
Folders Infected: 0 
Files Infected: 0 
 
Memory Processes Infected: 
(No malicious items detected) 
 
Memory Modules Infected: 
(No malicious items detected) 
 
Registry Keys Infected: 
(No malicious items detected) 
 
Registry Values Infected: 
(No malicious items detected) 
 
Registry Data Items Infected: 
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "" ) Good: (iexplore.exe) -> Quarantined and deleted successfully. 
 
Folders Infected: 
(No malicious items detected) 
 
Files Infected: 
(No malicious items detected) 
 
************************************ 
 
Malwarebytes' Anti-Malware 1.51.0.1200 
www.malwarebytes.org 
 
Database version: 6894 
 
Windows 5.1.2600 Service Pack 3 (Safe Mode) 
Internet Explorer 8.0.6001.18702 
 
19/06/2011 16:40:03 
mbam-log-2011-06-19 (16-40-03).txt 
 
Scan type: Full scan (C:\|D:\|) 
Objects scanned: 220452 
Time elapsed: 25 minute(s), 15 second(s) 
 
Memory Processes Infected: 0 
Memory Modules Infected: 0 
Registry Keys Infected: 0 
Registry Values Infected: 0 
Registry Data Items Infected: 0 
Folders Infected: 0 
Files Infected: 1 
 
Memory Processes Infected: 
(No malicious items detected) 
 
Memory Modules Infected: 
(No malicious items detected) 
 
Registry Keys Infected: 
(No malicious items detected) 
 
Registry Values Infected: 
(No malicious items detected) 
 
Registry Data Items Infected: 
(No malicious items detected) 
 
Folders Infected: 
(No malicious items detected) 
 
Files Infected: 
c:\system volume information\_restore{a21932bc-6dda-42a7-ace0-57b149ca8d0a}\RP357\A0094256.dll (Adware.Agent) -> Quarantined and deleted successfully. 
 
*********************************************** 
 
Malwarebytes' Anti-Malware 1.51.0.1200 
www.malwarebytes.org 
 
Database version: 6823 
 
Windows 5.1.2600 Service Pack 3 (Safe Mode) 
Internet Explorer 8.0.6001.18702 
 
18/06/2011 12:31:48 
mbam-log-2011-06-18 (12-31-48).txt 
 
Scan type: Quick scan 
Objects scanned: 157869 
Time elapsed: 21 minute(s), 51 second(s) 
 
Memory Processes Infected: 0 
Memory Modules Infected: 0 
Registry Keys Infected: 0 
Registry Values Infected: 0 
Registry Data Items Infected: 4 
Folders Infected: 0 
Files Infected: 0 
 
Memory Processes Infected: 
(No malicious items detected) 
 
Memory Modules Infected: 
(No malicious items detected) 
 
Registry Keys Infected: 
(No malicious items detected) 
 
Registry Values Infected: 
(No malicious items detected) 
 
Registry Data Items Infected: 
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" ) Good: (iexplore.exe) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
 
Folders Infected: 
(No malicious items detected) 
 
Files Infected: 
(No malicious items detected) 
 
******************************* 
 
Malwarebytes' Anti-Malware 1.51.0.1200 
www.malwarebytes.org 
 
Database version: 6894 
 
Windows 5.1.2600 Service Pack 3 (Safe Mode) 
Internet Explorer 8.0.6001.18702 
 
19/06/2011 16:12:40 
mbam-log-2011-06-19 (16-12-40).txt 
 
Scan type: Quick scan 
Objects scanned: 158700 
Time elapsed: 6 minute(s), 43 second(s) 
 
Memory Processes Infected: 0 
Memory Modules Infected: 0 
Registry Keys Infected: 8 
Registry Values Infected: 0 
Registry Data Items Infected: 1 
Folders Infected: 0 
Files Infected: 1 
 
Memory Processes Infected: 
(No malicious items detected) 
 
Memory Modules Infected: 
(No malicious items detected) 
 
Registry Keys Infected: 
HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Agent) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\YontooIEClient.Layers.1 (Adware.Agent) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\YontooIEClient.Layers (Adware.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully. 
 
Registry Values Infected: 
(No malicious items detected) 
 
Registry Data Items Infected: 
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Nadia nekhlaoui\Local Settings\Application Data\ycs.exe" -a "" ) Good: (iexplore.exe) -> Quarantined and deleted successfully. 
 
Folders Infected: 
(No malicious items detected) 
 
Files Infected: 
c:\program files\PageRage\yontooieclient.dll (Adware.Agent) -> Quarantined and deleted successfully. 
 
********************************** 
 
Thanks
Marsh Posté on 20-06-2011 at 16:57:15
Hi,

First, edit your last post and delete all the MBAM reports you published; the forum charter forbids posting reports directly on the forums.

Next, a question: do you have the XP installation CD? If so, I suggest you start by doing a repair of your system, which is damaged, a repair without formatting.

A tutorial to help you.

Once this repair is done, come back to me with a ZHPDiag report made in normal mode and not in safe mode.
Marsh Posté on 20-06-2011 at 09:58:19
Hello,
((( 
I caught the virus: Trojan-BNK.Win32.keylogger.gen
I followed the solutions proposed on the forum but it does not work.
I ran a scan with ZHPDiag, Malwarebytes, Spybot... the virus is still there.
The infected PC no longer has internet,
the system cannot open rundll32 and it is impossible to run .exe files.
It is a Samsung XP netbook.
Help please