Intrusion attempts on my PC
Hello,
I am getting intrusion attempts on my friend's PC, which Zone Alarm appears to be blocking.
I ran ewido, Panda and HijackThis; here are the reports:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 21:59:48, 08/04/2006
+ Somme de contrôle: FE76C2B0
+ Résultats du scan:
C:\Documents and Settings\Violette\Cookies\violette@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Violette\Cookies\violette@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
::Fin du rapport
------------------
Panda
------------------
Incident Status Location
Spyware:spyware/media-motor Not disinfected C:\WINNT\ubber60.ini
Adware:adware/cws.searchmeup Not disinfected C:\WINNT\uniq
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\FICHIERS COMMUNS\Windows
Adware:adware/elitebar Not disinfected C:\Documents and Settings\Violette\Favoris\Casino & Carrers
Adware:adware program Not disinfected Windows Registry
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Violette\Cookies\violette@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Violette\Cookies\violette@doubleclick[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Violette\Cookies\violette@valueclick[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Violette\Cookies\violette@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Violette\Bureau\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Violette\Bureau\SmitfraudFix.zip[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Violette\Bureau\VundoFix\VundoFix\process.exe
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Violette\Cookies\violette@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Violette\Cookies\violette@doubleclick[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Violette\Cookies\violette@valueclick[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Violette\Cookies\violette@xiti[1].txt
Virus:Bck/Aemon.R Disinfected C:\WINNT\system32\eraseme_63780.exe
Virus:W32/Sdbot.EWU.worm Disinfected C:\WINNT\system32\eraseme_71302.exe
Virus:Bck/Aemon.R Disinfected C:\WINNT\system32\hal.exe
Virus:W32/Sdbot.ftp Disinfected C:\WINNT\system32\i
Virus:W32/Sdbot.EYA.worm Disinfected C:\WINNT\system32\setup_76217.exe
Virus:W32/Ircbot.LB.worm Disinfected C:\WINNT\system32\TFTP1840
Virus:W32/Sdbot.GES.worm Disinfected C:\WINNT\system32\TFTP276
-------------------
HJT
-------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:41:07, on 09/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?4617edc35750425285f2b51af2b6dad2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?4617edc35750425285f2b51af2b6dad2
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/i...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: sysec(sysec) (sysec) - Unknown owner - C:\WINNT\system32\systsec.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
Thanks to everyone who can help me solve my problem.
Cali
OK, so I downloaded a2free and scanned the PC with it. It found and removed 2 pieces of malware. Unfortunately, I am still getting the intrusion attempts on the PC. ZA blocks about 1 every minute and gives me the IP address the "attack" seems to come from.
Thanks in advance to anyone who can help me.