download trojan
Dernière réponse : dans Sécurité
Alors voila ca fait un certain temps que j'ai chopé un cheval de troie (download.trojan). J'ai tout essayé mais a chaque fois c'est la meme chose je n'arrive pas a le supprimer car il est utilisé (en train d'exécuter d'autres composants). Je suis meme allée en mode sans échec mais c'est pareil. Aidez-moi svp
Autres pages sur : download trojan
Lassé par la pub ? Créez un compte
Salut,
Poste un log HijackThis.
Télécharge le, puis met le dans un dossier dédié (exemple : ..\Bureau\Hijackthis\Hijackthis.exe ).
Ensuite, lance le, appuie sur Do a system scan a save a logfile, et donne nous le résultat du scan
www.infos-du-net.com/telecharger/HijackThis.html
Poste un log HijackThis.
Télécharge le, puis met le dans un dossier dédié (exemple : ..\Bureau\Hijackthis\Hijackthis.exe ).
Ensuite, lance le, appuie sur Do a system scan a save a logfile, et donne nous le résultat du scan
www.infos-du-net.com/telecharger/HijackThis.html
Logfile of HijackThis v1.99.1
Scan saved at 11:29:57, on 28/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Ulead
Systems\AutoDetector\monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0
Trial\CalCheck.exe
C:\Program Files\DigitalPeers\CamTrack\dptracker.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\a-squared\a2start.exe
C:\Program Files\a-squared\a2scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SYLVIE\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gogole.fr/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} -
C:\WINDOWS\system32\admparsek.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00301} - (no
file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302} -
C:\WINDOWS\adsldpbn.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no
file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers
communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus!
3\MsgPlus.exe"
O4 - Startup: CamTrack.lnk = C:\Program
Files\DigitalPeers\CamTrack\dptracker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk =
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0
Trial\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F}
(InstallerBehaviorFactory Class) -
https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClie...
b
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer
ActiveX Control French) -
http://downloadtoontown.goa.com/sv1.5.11.6/ttinst-frenc...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games
Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) -
http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.ca...
d2f76c0a95f8bda2e136957473c550bfb81e49252734af6867d26a66ecec618633058
da45cb1addd0a4167fc5f33e0c071476677bb6fc6:190950799eb876e613008c54b81
0aed3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\system32\cfgmngr32.dll
O20 - Winlogon Notify: WRNotifier -
C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software GmbH - C:\Program Files\TuneUp Utilities
2006\WinStylerThemeSvc.exe
voila. maintenant qu'est-ce que je dois faire ?
Scan saved at 11:29:57, on 28/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Ulead
Systems\AutoDetector\monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0
Trial\CalCheck.exe
C:\Program Files\DigitalPeers\CamTrack\dptracker.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\a-squared\a2start.exe
C:\Program Files\a-squared\a2scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SYLVIE\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gogole.fr/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} -
C:\WINDOWS\system32\admparsek.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00301} - (no
file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302} -
C:\WINDOWS\adsldpbn.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no
file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers
communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus!
3\MsgPlus.exe"
O4 - Startup: CamTrack.lnk = C:\Program
Files\DigitalPeers\CamTrack\dptracker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk =
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0
Trial\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F}
(InstallerBehaviorFactory Class) -
https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClie...
b
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer
ActiveX Control French) -
http://downloadtoontown.goa.com/sv1.5.11.6/ttinst-frenc...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games
Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) -
http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.ca...
d2f76c0a95f8bda2e136957473c550bfb81e49252734af6867d26a66ecec618633058
da45cb1addd0a4167fc5f33e0c071476677bb6fc6:190950799eb876e613008c54b81
0aed3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\system32\cfgmngr32.dll
O20 - Winlogon Notify: WRNotifier -
C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software GmbH - C:\Program Files\TuneUp Utilities
2006\WinStylerThemeSvc.exe
voila. maintenant qu'est-ce que je dois faire ?
Re,
c'est comme tu veut !! regarde bien ta ligne 02
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll
Résultat :
(no name) {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} X BHO admparsel.dll, admparsek.dll Adware downloader- detected by Kaspersky antivirus as Trojan-Downloader.Win32.Delf.agw
Apres c'est toi qui voit :-D
c'est comme tu veut !! regarde bien ta ligne 02
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll
Résultat :
(no name) {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} X BHO admparsel.dll, admparsek.dll Adware downloader- detected by Kaspersky antivirus as Trojan-Downloader.Win32.Delf.agw
Apres c'est toi qui voit :-D
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumMe debarasser de download trojan sur x
- ForumVirus download trojan
- ForumDownload trojan horse virus
- ForumVirus trojan horses download
- ForumTrojan virus download
- ForumDownload virus trojan
- ForumTrojan infectee trojan lopad.b downloader
- ForumTrojan downloader win32.conhook.hl
- ForumTrojan downloader
- ForumTrojan downloader win32 swizzor.fq
- Voir plus
