trojan.cardst
Hello,
AVG Anti-Spyware detects trojan.cardst on my machine.
It removes it, but after each restart, if I run a scan again, it is still present.
Here is the HijackThis report after AVG:
Logfile of HijackThis v1.99.1
Scan saved at 19:57:45, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\eChanblard\emule.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I also have Ad-Aware and McAfee antivirus (updated regularly).
Thank you for your help.
Thanks for helping me, angeldark.
I think this is what you want:
C:\System Volume Information\_restore{94A1ED4C-278E-46BD-9A7A-DDD50BA654E4}\RP390\A0036622.dll -> Trojan.Agent.abd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\0B7238C0d01 -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\20C29688d01 -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FB058d01 -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B3359AB5d01 -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\DAC3ECB5d01 -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
Hello,
Sorry to bother you again, but this trojan has come back!
This morning I turned on my PC and ran HijackThis again; here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 10:13:05, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Then I ran AVG Anti-Spyware again, and it found trojan.cardst again.
Here is the report:
:mozilla.47:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.25:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\0B7238C0d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\20C29688d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\252845F9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\25285449d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B1AE9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B3FC9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B62E9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\330DAE6Ed01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\65CB282Ad01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7552DB95d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322A6Bd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322B05d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7635AE9Fd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\8907912Ed01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24826DFd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B2482E36d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248343Dd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248F42Ad01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FA356d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FBE2Bd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B333AC21d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B3359D27d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\BA6B3F89d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\DAC3ECB5d01 -> Trojan.Cardst : Aucune action entreprise.
I did not apply the actions.
After applying the actions, here is the report:
:mozilla.47:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.46:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.69:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.21:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.23:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.24:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.22:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.25:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.71:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\0B7238C0d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\20C29688d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\252845F9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\25285449d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B1AE9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B3FC9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B62E9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\330DAE6Ed01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\65CB282Ad01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7552DB95d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322A6Bd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322B05d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7635AE9Fd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\8907912Ed01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24826DFd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B2482E36d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248343Dd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248F42Ad01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FA356d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FBE2Bd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B333AC21d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B3359D27d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\BA6B3F89d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\DAC3ECB5d01 -> Trojan.Cardst : Nettoyé.
I don't know what to do anymore...
Thank you for your help.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Then I ran AVG Anti-Spyware again, and it found Trojan.Cardst again.
Here is the report:
:mozilla.47:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.25:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\0B7238C0d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\20C29688d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\252845F9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\25285449d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B1AE9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B3FC9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B62E9d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\330DAE6Ed01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\65CB282Ad01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7552DB95d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322A6Bd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322B05d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7635AE9Fd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\8907912Ed01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24826DFd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B2482E36d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248343Dd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248F42Ad01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FA356d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FBE2Bd01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B333AC21d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B3359D27d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\BA6B3F89d01 -> Trojan.Cardst : Aucune action entreprise.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\DAC3ECB5d01 -> Trojan.Cardst : Aucune action entreprise.
I did not apply the actions.
After applying the actions, here is the report:
:mozilla.47:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.46:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.69:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.21:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.23:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.24:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.22:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.25:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.71:C:\Documents and Settings\Administrateur.XPSP2\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\0B7238C0d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\20C29688d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\252845F9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\25285449d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B1AE9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B3FC9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\328B62E9d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\330DAE6Ed01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\65CB282Ad01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7552DB95d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322A6Bd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\76322B05d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\7635AE9Fd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\8907912Ed01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24826DFd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B2482E36d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248343Dd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248F42Ad01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FA356d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B24FBE2Bd01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B333AC21d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B3359D27d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\BA6B3F89d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\DAC3ECB5d01 -> Trojan.Cardst : Nettoyé.
I don't know what to do anymore....
Thank you for your help.
AVG:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:15:41 20/08/2007
+ Résultat de l'analyse:
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\0B7238C0d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\20C29688d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\32880959d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\8907912Ed01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B248F42Ad01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\B3359BC5d01 -> Trojan.Cardst : Nettoyé.
C:\Documents and Settings\Administrateur.XPSP2\Local Settings\Application Data\Mozilla\Firefox\Profiles\bpcki42e.default\Cache\DAC3ECB5d01 -> Trojan.Cardst : Nettoyé.
Fin du rapport
CCleaner:
NETTOYAGE COMPLET - (1,712 secs)
------------------------------------------------------------------------------------------
1,63KB supprimés.
------------------------------------------------------------------------------------------
Détails des fichiers effacés
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 2) 134 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 856 bytes
Le nettoyage du cache de Firefox/Mozilla a été ignoré.
Cookie supprimé: www.infos-du-net.com
Cookie supprimé: infos-du-net.com
Cookie supprimé: www.infos-du-net.com
Cookie supprimé: xiti.com
Cookie supprimé: www.infos-du-net.com
Cookie supprimé: tradedoubler.com
Cookie supprimé: smartadserver.com
Cookie supprimé: mediaplex.com
Cookie supprimé: yahoo.com
Cookie supprimé: google.fr
Cookie supprimé: www.dobermannendetresse.com
Cookie supprimé: yahoo.com
Cookie supprimé: www.dobermannendetresse.com
Cookie supprimé: google.com
Cookie supprimé: dailymotion.com
Cookie supprimé: www.dailymotion.com
Cookie supprimé: overture.com
Cookie supprimé: linternaute.com
Cookie supprimé: bluestreak.com
Cookie supprimé: linternaute.com
Cookie supprimé: doubleclick.net
Cookie supprimé: live.com
Cookie supprimé: msn.com
Cookie supprimé: h.live.com
Cookie supprimé: hotmail.msn.com
Cookie supprimé: login.live.com
Cookie supprimé: c.msn.com
Cookie supprimé: cybermonitor.com
Cookie supprimé: aus2.mozilla.org
Cookie supprimé: infos-du-net.fr.intellitxt.com
Cookie supprimé: atdmt.com
Cookie supprimé: forums.lavilladechannes.com
Cookie supprimé: lavilladechannes.com
Cookie supprimé: jeuxvideo.com
C:\Documents and Settings\Administrateur.XPSP2\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 328 bytes
------------------------------------------------------------------------------------------
And the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:40:19, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I'm shutting everything down and going to bed, this PC is making me
for bothering you
There, it's done, but it still keeps coming back.