Plusieurs trojan (gen , 2873) hjt log
Dernière réponse : dans Sécurité
Salut tout le monde,
Hier je me suis rendu compte que mon nod32 ne s etait pas mis en route depuis un bout de temps... Du coup j ai installé avast qui m a indiqué plusieurs virus mais qui arrivait pas a effacer les fichiers créés...
Donc je viens de faire un scan en sans echec avec ewido et plus bas j ai joint le log hjt.
Voici le scan log de iwedp:
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 14:27:10, 20/04/2006
+ Somme de contrôle: 69E66A00
+ Résultats du scan:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-4121385395-1743180959-3718373877-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Nettoyer et sauvegarder
C:\WINDOWS\csrss.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\WINDOWS\keyboard12.exe -> Downloader.VB.abd : Nettoyer et sauvegarder
C:\WINDOWS\newname12.exe -> Downloader.VB.aaf : Nettoyer et sauvegarder
C:\WINDOWS\mousepad12.exe -> Hijacker.VB.mo : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[1].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[2].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[3].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[4].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[5].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[6].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[7].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[8].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[9].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[10].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[11].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OXYBGDM7\keyboard12[1].exe -> Downloader.VB.abd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SZ01Q9YB\mousepad12[1].exe -> Hijacker.VB.mo : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IJQXG5U1\newname12[1].exe -> Downloader.VB.aaf : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Local Settings\Temp\temp.fr417E\Programs\webhdll.dll -> Adware.WebHancer : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP70\A0009741.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP70\A0009937.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP70\A0009948.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP72\A0009999.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP72\A0010008.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP72\A0010743.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP73\A0010752.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP73\A0010763.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP74\A0010777.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP74\A0010788.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0010855.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011056.exe -> Adware.MediaTickets : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011058.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011082.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011085.dll -> Adware.WebHancer : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011093.DLL -> Adware.WebHancer : Nettoyer et sauvegarder
::Fin du rapport
et je viens de faire un scan hijack :
Logfile of HijackThis v1.99.1
Scan saved at 14:52:17, on 20/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\pop06ap2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\YOANN\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Security Drivers (csrs) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Voila, j ai fais ca apres avoir lu d autres sujets mais je n y connais absolument rien :-(
Merci pour votre aide a bientot
Hier je me suis rendu compte que mon nod32 ne s etait pas mis en route depuis un bout de temps... Du coup j ai installé avast qui m a indiqué plusieurs virus mais qui arrivait pas a effacer les fichiers créés...
Donc je viens de faire un scan en sans echec avec ewido et plus bas j ai joint le log hjt.
Voici le scan log de iwedp:
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 14:27:10, 20/04/2006
+ Somme de contrôle: 69E66A00
+ Résultats du scan:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-4121385395-1743180959-3718373877-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Nettoyer et sauvegarder
C:\WINDOWS\csrss.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\WINDOWS\keyboard12.exe -> Downloader.VB.abd : Nettoyer et sauvegarder
C:\WINDOWS\newname12.exe -> Downloader.VB.aaf : Nettoyer et sauvegarder
C:\WINDOWS\mousepad12.exe -> Hijacker.VB.mo : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[1].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[2].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[3].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[4].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[5].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[6].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[7].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[8].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[9].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[10].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C56JCH6N\das[11].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OXYBGDM7\keyboard12[1].exe -> Downloader.VB.abd : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SZ01Q9YB\mousepad12[1].exe -> Hijacker.VB.mo : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IJQXG5U1\newname12[1].exe -> Downloader.VB.aaf : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Local Settings\Temp\temp.fr417E\Programs\webhdll.dll -> Adware.WebHancer : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\YOANN\Cookies\yoann@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP70\A0009741.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP70\A0009937.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP70\A0009948.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP72\A0009999.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP72\A0010008.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP72\A0010743.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP73\A0010752.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP73\A0010763.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP74\A0010777.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP74\A0010788.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0010855.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011056.exe -> Adware.MediaTickets : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011058.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011082.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011085.dll -> Adware.WebHancer : Nettoyer et sauvegarder
C:\System Volume Information\_restore{8160ED39-1B6C-474C-8022-4F031945BB6B}\RP75\A0011093.DLL -> Adware.WebHancer : Nettoyer et sauvegarder
::Fin du rapport
et je viens de faire un scan hijack :
Logfile of HijackThis v1.99.1
Scan saved at 14:52:17, on 20/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\pop06ap2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\YOANN\Bureau\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Security Drivers (csrs) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Voila, j ai fais ca apres avoir lu d autres sujets mais je n y connais absolument rien :-(
Merci pour votre aide a bientot
Autres pages sur : plusieurs trojan gen 2873 hjt log
Lassé par la pub ? Créez un compte
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumVirus proxy firefox log hjt
- ForumVirus cache log hjt joint
- ForumVirus et log hjt
- ForumProbleme lenteur pc virus - log hjt
- ForumVirus voici mon log hjt
- ForumPeut-etre virus, comment faire un log hjt
- ForumDemande d'analyse de log hjt
- ForumLog hijackthis trojan trouve
- ForumInfection trojan log highjack
- ForumTrojan psw.banker4.apsa, log hijackthis
- Voir plus
