Unable to identify the trojan
issam
-
Neo-Nil@u Posts: 1595 Status: Contributor -
Hello everyone, I have a rather annoying problem: I know I have a trojan on my machine that I can't manage to remove with either Microsoft AntiSpyware or Spybot. The trojan in question opens an Internet Explorer window every time (ringtones or others) and places shortcuts on my desktop (game shortcuts ...). Below is the HijackThis log; if anyone can help me I would be very grateful:
Logfile of HijackThis v1.99.1
Scan saved at 11:27:56, on 03/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
E:\NavNT\rtvscan.exe
c:\oracle9i\bin\agntsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\hkcmd.exe
E:\NavNT\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\WISPTIS.EXE
E:\orant\BIN\RWBLD60.EXE
C:\Program Files\Outlook Express\msimn.exe
E:\orant\BIN\ifbld60.EXE
E:\Quest Software\TOAD\TOAD.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
E:\orant\BIN\ifrun60.EXE
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\mhamedi\Bureau\titan\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aljazeera.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aljazeera.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] E:\NavNT\vptray.exe
O4 - HKLM\..\Run: [lcfep] "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1A7AEDAF-81DC-47A1-AAED-CBC0E9DEB274} (Oraster) - http://www.oracle.com/broadband/3winviewer/oraster.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cdg.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E95775F9-99E6-4158-B65B-66609A7B85F8}: NameServer = 172.20.0.2,172.20.0.8,212.217.0.1,212.217.65.2,212.217.93.209
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cdg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cdg.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Apache - Unknown owner - C:\Apache\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - E:\Tracks Eraser Pro\autocomp.exe
O23 - Service: DefWatch - Symantec Corporation - E:\NavNT\defwatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\NavNT\rtvscan.exe
O23 - Service: OracleSECOND_HOMEClientCache - Unknown owner - E:\oracle\BIN\ONRSD.EXE
O23 - Service: OracleTHIRD_HOMEAgent - Oracle Corporation - c:\oracle9i\bin\agntsrvc.exe
O23 - Service: OracleTHIRD_HOMEClientCache - Unknown owner - c:\oracle9i\BIN\ONRSD.EXE
3 replies
Hi issam,
A² Free:
a² free
Update it and scan your PC! Remove whatever it finds!
Keep me posted! See you!
Hello, thank you for your reply. I found your other message recommending the scan at http://www.ravantivirus.com/scan, which I ran, and here is the result. I am going to run the other application you gave me and will give you the result afterwards. Thanks for any help:
Scan started at 03/05/2005 11:36:06
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\mhamedi\appsetup.exe - TrojanDownloader:Win32/Small.ACO -> Infected
C:\Documents and Settings\mhamedi\Bureau\titan\hijackthis\backups\backup-20050429-085749-882.dll - TrojanDownloader:Win32/Dia -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\akrules.dll - TrojanDownloader:Win32/Agent.BT -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\satmat.cab->satmat.exe - TrojanDownloader:Win32/Stubby.D -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\stmtreco.exe - TrojanDropper:Win32/Agent.CH -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\tt_reco.exe - TrojanDropper:Win32/Agent.CH -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB10EB48-F6A9-4BA3-90AF-225B5F\21395DCE-5C4E-4600-A0A1-F65FEE - TrojanDownloader:Win32/Agent.BR -> Infected
C:\RECYCLER\S-1-5-21-594873674-1697871919-1234779376-2462\Dc292\ddm_d.exe - TrojanDownloader:Win32/VB.BT -> Infected
C:\RECYCLER\S-1-5-21-594873674-1697871919-1234779376-2462\Dc292\8934\optimize.exe - TrojanDownloader:Win32/Dyfuca.BQ -> Infected
C:\WINNT\system32\akrules.dll - TrojanDownloader:Win32/Agent.BT -> Infected
C:\WINNT\system32\akupd.dll - TrojanDownloader:Win32/Agent.BR -> Infected
E:\IMH\FamilyKeyLogger\cisvc.dll - TrojanSpy:Win32/KeyLogger.AI -> Infected
E:\IMH\SAUV_IMH\IMH\Perso\divers\EXE\AnonyMail.exe - Spammer:Win32/Xmail -> Infected
E:\IMH\SAUV_IMH\IMH\Perso\divers\ZIP\amail.zip->AnonyMail.exe - Spammer:Win32/Xmail -> Infected
Scanned
============================
Objects: 100047
Directories: 8583
Archives: 3836
Size(Kb): 1840715
Infected files: 16
Found
============================
Viruses found: 12
Suspicious files: 0
Disinfected files: 0
Mail files: 327
1) Follow the paths and delete the files in bold:
C:\Documents and Settings\mhamedi\appsetup.exe
C:\WINNT\system32\akrules.dll
C:\WINNT\system32\akupd.dll
E:\IMH\FamilyKeyLogger\cisvc.dll
E:\IMH\SAUV_IMH\IMH\Perso\divers\EXE\AnonyMail.exe
E:\IMH\SAUV_IMH\IMH\Perso\divers\ZIP\amail.zip
2) Empty your recycle bin
3) Use this small program to clean up the temp folders:
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
Then post a new RAV log!
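An added example, not part of the thread: a short Python triage of the RAV log format posted above. It separates the on-disk file from archive members (as in `amail.zip->AnonyMail.exe`) and groups each file by the cleanup step that would cover it. The bucket names and path rules are assumptions of this example, not Neo-Nil@u's method.

```python
import re
from collections import defaultdict

# Lines copied from the RAV scan log posted in this thread (a subset).
RAV_LOG = r"""
C:\Documents and Settings\mhamedi\appsetup.exe - TrojanDownloader:Win32/Small.ACO -> Infected
C:\Documents and Settings\mhamedi\Bureau\titan\hijackthis\backups\backup-20050429-085749-882.dll - TrojanDownloader:Win32/Dia -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
C:\Documents and Settings\mhamedi\Local Settings\Temp\twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB10EB48-F6A9-4BA3-90AF-225B5F\21395DCE-5C4E-4600-A0A1-F65FEE - TrojanDownloader:Win32/Agent.BR -> Infected
C:\RECYCLER\S-1-5-21-594873674-1697871919-1234779376-2462\Dc292\ddm_d.exe - TrojanDownloader:Win32/VB.BT -> Infected
E:\IMH\SAUV_IMH\IMH\Perso\divers\ZIP\amail.zip->AnonyMail.exe - Spammer:Win32/Xmail -> Infected
"""

LINE = re.compile(r"^(?P<target>.+) - (?P<detection>\S+) -> Infected$")

# Bucket names and path rules are assumptions of this example, mapped to the
# reply's steps: 1) manual delete, 2) empty recycle bin, 3) clean temp folders.
RULES = [
    ("recycle_bin", ("\\recycler\\",)),
    ("temp_cleanup", ("\\local settings\\temp\\",)),
    ("contained_copy", ("\\quarantine\\", "\\hijackthis\\backups\\")),
]

def parse(log):
    """Yield (on_disk_file, archive_members, detection) per infected entry."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner, summary and blank lines
        disk_file, *members = m["target"].split("->")
        yield disk_file, members, m["detection"]

def bucket_for(path):
    low = path.lower()
    for bucket, needles in RULES:
        if any(n in low for n in needles):
            return bucket
    return "manual_delete"

def triage(log):
    plan = defaultdict(list)
    for disk_file, _members, detection in parse(log):
        plan[bucket_for(disk_file)].append((disk_file, detection))
    return dict(plan)

if __name__ == "__main__":
    for bucket, entries in triage(RAV_LOG).items():
        print(bucket, *(f"\n  {p} [{d}]" for p, d in entries))
```

Run over the full log, the same rules leave two entries outside the three steps: the HijackThis backup and the Microsoft AntiSpyware quarantine copy.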