Analyse Hijack + ISTBar indélogeable !!!!

Catherine -  
 Catherine -
Bonjour,

J'ai un problème récurrent avec ISTBar que je n'arrive pas à supprimer ni avec Spybot, ni avec a², ni avec ad-aware, ni en supprimant les clés de registre.
Merci de votre aide.
Pourriez-vous également analyser ce log Hi-jack ?
Logfile of HijackThis v1.99.0
Scan saved at 22:54:22, on 27/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\win32ssr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [System Service] real.exe
O4 - HKLM\..\Run: [Personal Firewall V9] Firewall-UpdateV9.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [System Service] real.exe
O4 - HKLM\..\RunServices: [Personal Firewall V9] Firewall-UpdateV9.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Personal Firewall V9] Firewall-UpdateV9.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\OFFICE\1036\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O23 - Service: Canon Camera Access Library 8 - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD File System Service - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Performance True Type Font - Unknown - C:\WINDOWS\System32\perfont.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Win32Sr - Unknown - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows HWinfo Loader - Unknown - C:\WINDOWS\iexplre.exe (file missing)
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Configuration: Windows XP

7 réponses

  1. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Bonsoir Catherine,

    Je vois d'emblée que vous n'avez pas la dernière version de HijackThis.

    1/ Scanne ton PC avec cet antivirus en ligne :
    http://www.bitdefender.com/scan8/ie.html
    Clique sur "I Agree" et scanne tout le PC.
    Copie/colle le rapport sur le forum.

    Pense à accepter l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).

    2/ Télécharge HijackThis : http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/29061.html
    - Installe le dans son propre dossier.
    Par exemple, C:\HijackThis
    Choisis l'option "do a scan and a logfile", il va te générer un rapport, copie et colle sur le forum.
    Regarde la démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bonne nuit.
    0
  2. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    hello
    attention
    2 pare-feu !!
    Personal Firewall V9 & Trend Micro Personal Firewall
    donc ménage à faire

    désactiver pour l analyse
    TeaTimer.exe de Spybot
    0
    1. Kristopher Messages postés 3752 Statut Contributeur 106
       
      Salut ara,

      Je ne sais pas comme Toi, mais moi je ne vois pas uniquement le problème des deux firewalls installés, il y a également des infections et des mises à jour à effectuer !!

      Je n'ai pas regardé son log entièrement, je me suis focalisé spécialement sur le début.

      Je pense donc qu'un scan en ligne préliminaire ne fera pas de mal, suivit d'un nouveau log avec la dernière version HijackThis.

      Tu as opéré une dernière intervention à 04h46 donc je pense que tu dois encore dormir.

      Bonne nuit.
      0
  3. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re kris
    ns sommes ok
    il faut au préalable nettoyer un max par des solutions simples
    avant de s attaquer à l'hijack
    oui , ai vu 1.99.0 a.l.d 1.99.1, sa version est obsoléte

    suis resté tard cette nuit devant un blem de mémoire ou de dd,voire les 2 ensemble - le gros caca , quoi !
    0
  4. Catherine
     
    Bonjour,

    Désolée du retard mais j'ai beaucoup de problèmes pour me connecter à Internet.
    Voici le rapport Bitdefender (mais j'ai oublié de désactiver l'anti pop-up) :

    Scan path: A:\;C:\;D:\;E:\;
    Statistics

    Time
    01:18:55

    Files
    245189

    Folders
    3387

    Boot Sectors
    2

    Archives
    2868

    Packed Files
    28948

    Results

    Identified Viruses
    24

    Infected Files
    32

    Suspect Files
    1

    Warnings
    0

    Disinfected
    0

    Deleted Files
    29

    Engines Info

    Virus Definitions
    289403

    Engine build
    AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Scan plugins
    13

    Archive plugins
    39

    Unpack plugins
    4

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
    Infected with: Backdoor.RBot.28AF9287

    C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
    Deleted

    C:\msnupdatess.exe=>(CAB Sfx r)
    Update failed

    C:\WINDOWS\SYSTEM32\o
    Infected with: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\SYSTEM32\o
    Disinfection failed

    C:\WINDOWS\SYSTEM32\o
    Delete failed

    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
    Infected with: Backdoor.SDBot.AMV

    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
    Deleted

    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
    Infected with: Trojan.Mutech.E

    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
    Deleted

    C:\WINDOWS\SYSTEM32\TFTP1332
    Infected with: Backdoor.Sdbot.MA

    C:\WINDOWS\SYSTEM32\TFTP1332
    Disinfection failed

    C:\WINDOWS\SYSTEM32\TFTP1332
    Deleted

    C:\WINDOWS\SYSTEM32\c.bat
    Infected with: Backdoor.BotGet.FtpA.Gen

    C:\WINDOWS\SYSTEM32\c.bat
    Deleted

    C:\WINDOWS\SYSTEM32\.pif
    Infected with: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\SYSTEM32\.pif
    Deleted

    C:\WINDOWS\SYSTEM32\1.bat
    Infected with: Backdoor.BotGet.FtpA.Gen

    C:\WINDOWS\SYSTEM32\1.bat
    Deleted

    C:\WINDOWS\SYSTEM32\i
    Suspected of: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\SYSTEM32\i
    Disinfection failed

    C:\WINDOWS\SYSTEM32\i
    Deleted

    C:\WINDOWS\SYSTEM32\mpsys.exe
    Infected with: Trojan.Dropper.Juntador.E

    C:\WINDOWS\SYSTEM32\mpsys.exe
    Deleted

    C:\WINDOWS\SYSTEM32\.a
    Infected with: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\SYSTEM32\.a
    Deleted

    C:\WINDOWS\SYSTEM32\SVKP.sys
    Infected with: Backdoor.Rbot.CBD

    C:\WINDOWS\SYSTEM32\SVKP.sys
    Disinfection failed

    C:\WINDOWS\SYSTEM32\SVKP.sys
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
    Infected with: Virtool.HiddenRun.C

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
    Infected with: Trojan.Flood.22016

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
    Detected with: Application.SlimFTP.A

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
    Infected with: Virtool.Xscan.A

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
    Infected with: MemScan:Virtool.HiddenRun.B

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
    Detected with: Application.Sniffer.DaSniff

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
    Infected with: Virtool.Xscan.Plugin

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
    Infected with: Trojan.Mirc.Flood.J

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
    Infected with: IRC-Worm.Randon.T

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ntvdmn.exe
    Infected with: Backdoor.SDBot.838A8352

    C:\WINDOWS\SYSTEM32\ntvdmn.exe
    Deleted

    C:\WINDOWS\SYSTEM32\perfont.exe
    Infected with: Trojan.Mutech.E

    C:\WINDOWS\SYSTEM32\perfont.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\perfont.exe
    Delete failed

    C:\WINDOWS\SYSTEM32\msnservex.exe
    Infected with: Backdoor.RBot.1ED74066

    C:\WINDOWS\SYSTEM32\msnservex.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\msnservex.exe
    Delete failed

    C:\WINDOWS\SYSTEM32\down.com
    Infected with: Trojan.Dropper.Dos.Rute.D

    C:\WINDOWS\SYSTEM32\down.com
    Disinfection failed

    C:\WINDOWS\SYSTEM32\down.com
    Deleted

    C:\WINDOWS\win32ssr.exe
    Infected with: Backdoor.SDBot.AMV

    C:\WINDOWS\win32ssr.exe
    Disinfection failed

    C:\WINDOWS\win32ssr.exe
    Delete failed

    C:\WINDOWS\HELP\Tours\van32.exe
    Infected with: Virtool.HiddenRun.C

    C:\WINDOWS\HELP\Tours\van32.exe
    Disinfection failed

    C:\WINDOWS\HELP\Tours\van32.exe
    Deleted

    C:\WINDOWS\HELP\Tours\dat\nt_user.dic
    Infected with: Trojan.Mirc.Flood.J

    C:\WINDOWS\HELP\Tours\dat\nt_user.dic
    Disinfection failed

    C:\WINDOWS\HELP\Tours\dat\nt_user.dic
    Deleted

    C:\U.exe
    Infected with: Trojan.Mutech.E

    C:\U.exe
    Disinfection failed

    C:\U.exe
    Deleted

    C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
    Infected with: Trojan.Win95.Flashkiller

    C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
    Disinfection failed

    C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
    Infected with: Trojan.Downloader.Dyfuca.EI

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
    Update failed

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Infected with: Backdoor.RBot.3DFE4021

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Deleted

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
    Update failed

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Infected with: Trojan.Downloader.Dyfuca.DU

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Disinfection failed

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Deleted

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
    Update failed

    Et voici le log Hijack :

    Logfile of HijackThis v1.99.1
    Scan saved at 22:07:12, on 01/03/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\WINDOWS\System32\msnservex.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    C:\WINDOWS\System32\perfont.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
    C:\WINDOWS\win32ssr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\ftp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP Client autorisé\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [AdobeReader] msni.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [System Service] real.exe
    O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
    O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
    O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
    O4 - HKLM\..\RunServices: [System Service] real.exe
    O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
    O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\OFFICE\1036\PHDINTL.DLL/phdContext.htm
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
    O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
    O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)

    Merci de votre aide.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re
    1/ IE est à màj via WindowsUpdate - ta version est obsoléte

    2/fixe ces lignes
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab

    3/ démar+exécuter+tape services.msc+ok
    dans le menu déroulant tu cherches
    "Win32Sr"
    "Windows HWinfo Loader "
    tu désactives ces 2 programmes

    4/poursuite de l audit aprés bouffer
    0
  7. Catherine
     
    Bonsoir,

    Voici le rapport Bitdefender :

    Scan path: A:\;C:\;D:\;E:\;
    Statistics

    Time
    01:15:14

    Files
    245632

    Folders
    3398

    Boot Sectors
    2

    Archives
    2891

    Packed Files
    28973

    Results

    Identified Viruses
    15

    Infected Files
    15

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    15

    Engines Info

    Virus Definitions
    292665

    Engine build
    AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Scan plugins
    13

    Archive plugins
    39

    Unpack plugins
    4

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
    Infected with: Backdoor.RBot.28AF9287

    C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
    Deleted

    C:\msnupdatess.exe=>(CAB Sfx r)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
    Infected with: Virtool.HiddenRun.C

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
    Infected with: Trojan.Flood.22016

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
    Detected with: Application.SlimFTP.A

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
    Infected with: Virtool.Xscan.A

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
    Infected with: MemScan:Virtool.HiddenRun.B

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
    Detected with: Application.Sniffer.DaSniff

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
    Infected with: Virtool.Xscan.Plugin

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
    Infected with: Trojan.Mirc.Flood.J

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
    Infected with: IRC-Worm.Randon.T

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
    Disinfection failed

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
    Deleted

    C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
    Update failed

    C:\WINDOWS\SYSTEM32\msnservex.exe
    Infected with: Backdoor.RBot.1ED74066

    C:\WINDOWS\SYSTEM32\msnservex.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM32\msnservex.exe
    Delete failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
    Infected with: Backdoor.SDBot.AMV

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
    Infected with: Trojan.Downloader.Dyfuca.EI

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
    Update failed

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Infected with: Backdoor.RBot.3DFE4021

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Deleted

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
    Update failed

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Infected with: Trojan.Downloader.Dyfuca.DU

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Disinfection failed

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
    Deleted

    C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
    Update failed
    0