Win32:Horst-L and Horst-N
Good evening,
For the past few days I have been constantly getting a virus alert (Avast is up to date): Win32:Horst-L and Horst-N.
I have read a few posts but have not found a real solution to my problem. Thanks for your help.
Here is my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:09:14, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Standard\Bureau\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [FreeBrowser] C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
O4 - Global Startup: IncrediMail.lnk = C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{894980AB-12E4-48BF-9225-B1B8421963F6}: NameServer = 212.27.54.252,212.27.53.252,212.27.39.134
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Here is my SDFix report:
SDFix: Version 1.31
-------------------
Scan run on:
24/10/2006
Time:
18:50
Microsoft Windows XP [version 5.1.2600]
Running from: D:\Documents and Settings\Standard\Bureau\SDFix
Stage One...
Checking Services...
Name:
-----
Path:
----
Repairing Registry...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two...
Checking For Malware:
--------------------
Backing Up and Removing any Files Found...
Hello,
Why SDFix?
Download and install AVG Anti-Spyware (AVG AS).
Once AVG AS is running, click "Update".
Close the program.
HELP: Malekal's tutorial
Restart in safe mode.
Relaunch AVG AS, then choose the "Scan" tab,
then the "Settings" tab.
Under the question "How to react?", click "Recommended actions" and choose "Quarantine".
Click the "Scan" tab again, then run a "Complete system scan".
/!\ If a file is infected at the end of the scan /!\
Click "Apply all actions".
Click "Save report", then "Save report as".
Save this text file to your desktop.
Restart normally.
Copy and paste the report here.
Hi everyone, I think I have the same problem;
my resident Avast detects a trojan named Win32:Horst-N, which turns up in C every time (clever, that).
Khaos 2476 Sign of "Win32:Horst-N [Trj]" has been found in "C:\Documents and Settings\Khaos\Local Settings\Temp\8exssd32.d.exe\[UPX]" file.
Khaos 2476 Sign of "Win32:Horst-N [Trj]" has been found in "C:\Documents and Settings\Khaos\Local Settings\Temp\9exssd32.d.exe\[UPX]" file.
Khaos 240 Sign of "Win32:Horst-N [Trj]" has been found in "C:\DOCUME~1\Khaos\LOCALS~1\Temp\7exssd32.d.exe\[UPX]" file.
Khaos 2036 Sign of "Win32:Horst-N [Trj]" has been found in "C:\DOCUME~1\Khaos\LOCALS~1\Temp\34exssd32.d.exe\[UPX]" file.
Khaos 2036 Sign of "Win32:Horst-N [Trj]" has been found in "C:\DOCUME~1\Khaos\LOCALS~1\Temp\99exssd32.d.exe\[UPX]" file.
Khaos 2036 Sign of "Win32:Horst-N [Trj]" has been found in "C:\Documents and Settings\Khaos\Local Settings\Temp\23exssd32.d.exe\[UPX]" file.
Khaos 124 Sign of "Win32:Horst-N [Trj]" has been found in "C:\DOCUME~1\Khaos\LOCALS~1\Temp\1exssd32.d.exe\[UPX]" file.
Khaos 124 Sign of "Win32:Horst-N [Trj]" has been found in "C:\DOCUME~1\Khaos\LOCALS~1\Temp\28exssd32.d.exe\[UPX]" file.
Each time a message appears I ask for quarantine/deletion, which OBVIOUSLY does not work!!
So, after some time at the keyboard, I came across quite a few procedures to carry out using HijackThis and other tools.
I downloaded some software: a-squared Free 2.0, ewido anti-spyware 4.0, a-squared HiJackFree, Trojan Remover, a .zip named clean, and HijackThis of course.
Here is the procedure I followed:
Multiple scans with a-squared (here is the log of the last one, in which the trojan appears):
Version - a-squared Free 2.0
Réglages Scan:
Objets: Mémoire, Traces, Cookies, C:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche
Début du scan: 26/10/2006 21:13:30
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:28 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:29 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:30 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:41 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:42 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:43 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:68 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:69 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:106 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:126 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\cookies.txt:150 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Khaos\Application Data\Mozilla\Firefox\Profiles\lcw7zao5.default\Cache\3CD27B45d01/pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
C:\Documents and Settings\Khaos\Bureau\Téléchargement\clean.zip/pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
Scanné
Fichiers: 57437
Traces: 79839
Cookies: 242
Processus: 31
Trouver
Fichiers: 2
Traces: 0
Cookies: 11
Processus: 0
Clés de Registre: 0
Fin du Scan: 26/10/2006 22:11:48
Temps du Scan: 00:58:18
Scan with ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 20:55:17 26/10/2006
+ Scan result:
[1692] VM_00400000 -> Proxy.Horst.kq : No action taken.
::Report end
And finally a scan with HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:17:26, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\a-squared Free\a2free.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
C:\Documents and Settings\Khaos\Bureau\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msiexec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Installation\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
I am going to reboot in safe mode and double-click clean.cmd.
That is all I can say.
A hand would be nice and very welcome: the traffic on my network (Freebox + my PC) is running at around 1.25 Mbt/s up and 5 Mbt/s down (a dream for downloads); this situation is unplayable.
Thanks in advance
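An added example, not part of any post in this thread: a Python triage pass over a HijackThis log in the format posted above, which flags running processes, Run entries and services whose image carries a core Windows process name but sits outside System32. The process-name list, the function names and the choice of lines excerpted into the sample are assumptions of this example, and a hit is a cue for manual review, not a verdict.

```python
import ntpath
import re

# Assumption of this example: core Windows XP processes whose image
# normally lives in %SystemRoot%\System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^([ORF]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run\w*): \[(.*?)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")
EXT_RE = re.compile(r"\.(exe|com|bat|cmd|scr|pif)\b", re.IGNORECASE)

# Lines excerpted from the second HijackThis log in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""


def parse_hijackthis(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def image_path(command):
    """Cut the executable path out of a command line with optional arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXT_RE.search(command)
    return command[:match.end()] if match else command


def is_misplaced_system_image(path):
    """True when a core process name appears in a directory other than System32."""
    directory, name = ntpath.split(ntpath.normcase(path))
    if name not in SYSTEM32_ONLY or not directory:
        return False  # bare names carry no directory to judge
    return not directory.endswith("\\system32")


def triage(text):
    """Return (source, label, image path) for every entry worth a manual look."""
    processes, entries = parse_hijackthis(text)
    findings = [("process", "", p) for p in processes
                if is_misplaced_system_image(p)]
    for code, body in entries:
        if code == "O4":
            match = RUN_RE.match(body)
            if not match:
                continue  # e.g. "Global Startup" shortcuts, not handled here
            label, target = match.group(2), image_path(match.group(3))
        elif code == "O23":
            match = SERVICE_RE.match(body)
            if not match:
                continue
            label, target = match.group(1), image_path(match.group(3))
        else:
            continue
        if is_misplaced_system_image(target):
            findings.append((code, label, target))
    return findings


if __name__ == "__main__":
    for source, label, target in triage(SAMPLE_LOG):
        print(f"review {source} [{label}] -> {target}")
```
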