virus Trojan + souci Isass.exe + fausses alertes virus
Dernière réponse : dans Sécurité
Bonjour à tous,
Avast a récemment détecté un virus Trojan que j’ai mis en quarantaine. Et j'ai souvent un message d'alerte qui m'indique un problème avec isass.exe. J’ai des difficultés à lancer Windows (marche 1 fois sur 5).
Et depuis 1 an environ j’ai des messages de fausses alertes virus qui me suggèrent d’aller me connecter à tel ou tel site anti-virus bidon.
J'ai essayé de détruire le Trojan avec Avast et Spyboot, sans succès. J'ai fait un scan de mon disque dur avec Hijackthis (ci-dessous), si vous pouvez m'aider cela serait sympa.
Une précision technique : J’utilise Windows 2000 pro.
Bonne journée.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:37:30, on 27/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system\NOTEPAD.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\SADASDA.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WgBHO Class - {67E9834D-B226-49E6-B6F6-85AA64E14BA3} - C:\Program Files\Free Download Manager\iefdm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunServices: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft ssas3s1] SADASDA.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINNT\system\NOTEPAD.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7022 bytes
Avast a récemment détecté un virus Trojan que j’ai mis en quarantaine. Et j'ai souvent un message d'alerte qui m'indique un problème avec isass.exe. J’ai des difficultés à lancer Windows (marche 1 fois sur 5).
Et depuis 1 an environ j’ai des messages de fausses alertes virus qui me suggèrent d’aller me connecter à tel ou tel site anti-virus bidon.
J'ai essayé de détruire le Trojan avec Avast et Spyboot, sans succès. J'ai fait un scan de mon disque dur avec Hijackthis (ci-dessous), si vous pouvez m'aider cela serait sympa.
Une précision technique : J’utilise Windows 2000 pro.
Bonne journée.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:37:30, on 27/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system\NOTEPAD.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\SADASDA.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WgBHO Class - {67E9834D-B226-49E6-B6F6-85AA64E14BA3} - C:\Program Files\Free Download Manager\iefdm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunServices: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft ssas3s1] SADASDA.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINNT\system\NOTEPAD.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7022 bytes
Autres pages sur : virus trojan souci isass exe fausses alertes virus
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
Bonjour, et merci de la réponse. J'ai procédé comme indiqué avec SDFix (sauf que j'ai d'abord oublié de lancer l'analyse en mode sans échec, ensuite je me suis aperçu de l'erreur, j'ai stoppé l'analyse et je l'ai refaite en mode sans échec).
Voici donc le contenu du fichier Report.txt, et plus bas voici aussi le nouveau log Hijackthis :
SDFix: Version 1.112
Run by Administrator on mar. 30/10/2007 at 22:36
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINNT\system\NOTEPAD.exe - Deleted
C:\WINNT\system32\kl.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINNT
No streams found.
C:\WINNT\system32
No streams found.
C:\WINNT\system32\svchost.exe
No streams found.
C:\WINNT\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 10 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay
Converter\drv13260.dll"
Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay
Converter\drv23260.dll"
Tue 10 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay
Converter\drv33260.dll"
Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay
Converter\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay
Converter\dspr3260.dll"
Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay
Converter\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay
Converter\rnco3260.dll"
Tue 10 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay
Converter\rnlt3260.dll"
Tue 10 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay
Converter\rv103260.dll"
Tue 10 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay
Converter\rv203260.dll"
Tue 10 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay
Converter\rv303260.dll"
Tue 10 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay
Converter\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay
Converter\tokr3260.dll"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINNT\system32\AVSredirect.dll"
Finished!
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:07:10, on 01/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\SADASDA.exe
C:\WINNT\system32\win.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\SADASDA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINNT\system32\SADASDA.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus
G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2
Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico
Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free
Edition\bdnagent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\Run: [syswin.txt] win.exe
O4 - HKLM\..\RunServices: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunServices: [syswin.txt] win.exe
O4 - HKLM\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [syswin.txt] win.exe
O4 - HKCU\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft ssas3s1] SADASDA.exe (User 'Default
user')
O4 - HKUS\.DEFAULT\..\Run: [syswin.txt] win.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program
Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User
'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = C:\Program
Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. -
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) -
B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINNT\system\NOTEPAD.exe (file
missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program
Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6349 bytes
Voici donc le contenu du fichier Report.txt, et plus bas voici aussi le nouveau log Hijackthis :
SDFix: Version 1.112
Run by Administrator on mar. 30/10/2007 at 22:36
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINNT\system\NOTEPAD.exe - Deleted
C:\WINNT\system32\kl.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINNT
No streams found.
C:\WINNT\system32
No streams found.
C:\WINNT\system32\svchost.exe
No streams found.
C:\WINNT\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 10 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay
Converter\drv13260.dll"
Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay
Converter\drv23260.dll"
Tue 10 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay
Converter\drv33260.dll"
Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay
Converter\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay
Converter\dspr3260.dll"
Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay
Converter\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay
Converter\rnco3260.dll"
Tue 10 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay
Converter\rnlt3260.dll"
Tue 10 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay
Converter\rv103260.dll"
Tue 10 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay
Converter\rv203260.dll"
Tue 10 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay
Converter\rv303260.dll"
Tue 10 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay
Converter\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay
Converter\tokr3260.dll"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINNT\system32\AVSredirect.dll"
Finished!
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:07:10, on 01/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\SADASDA.exe
C:\WINNT\system32\win.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\SADASDA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINNT\system32\SADASDA.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus
G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2
Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico
Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free
Edition\bdnagent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\Run: [syswin.txt] win.exe
O4 - HKLM\..\RunServices: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKLM\..\RunServices: [syswin.txt] win.exe
O4 - HKLM\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKCU\..\Run: [syswin.txt] win.exe
O4 - HKCU\..\RunOnce: [MicroSoft ssas3s1] SADASDA.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft ssas3s1] SADASDA.exe (User 'Default
user')
O4 - HKUS\.DEFAULT\..\Run: [syswin.txt] win.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program
Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User
'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = C:\Program
Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. -
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) -
B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINNT\system\NOTEPAD.exe (file
missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program
Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6349 bytes
Lassé par la pub ? Créez un compte
- Contenus similaires :
