The nasty one (Trojan-gen other)
pur2000 (Posts: 5, Status: Member)
Hello everyone,
I have a problem with the trojan "Win32:Trojan-gen {Other}". It has been giving me trouble for a few days (at first, winoldap processes were being launched and a message warned me that memory was running low, and the PC crashed shortly afterwards).
Here is Avast's detection log. It is always the same virus in the same locations. It seems that I manage to delete the infected files (with or without Avast's help). But they always come back!!! I don't understand where these files come from.
Avast reports the following detections:
19/11/07 18:05:16 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\179302449.exe" file.
19/11/07 18:56:25 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\385153806.exe" file.
19/11/07 19:59:59 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1718806957.exe" file.
19/11/07 20:32:39 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\501450830.exe" file.
19/11/07 20:36:40 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1568336268.exe" file.
19/11/07 20:50:09 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\85265394.exe" file.
19/11/07 21:13:30 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1679874040.exe" file.
19/11/07 21:42:13 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\938517563.exe" file.
19/11/07 22:14:24 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\841033429.exe" file.
19/11/07 22:14:45 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1707370463.exe" file.
20/11/07 18:50:50 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8DEJO563\N2_21_09_07_0[1].EXE" file.
20/11/07 18:50:50 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1312612026.exe" file.
20/11/07 19:27:07 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8DEJO563\N2_21_09_07_0[1].EXE" file.
20/11/07 19:27:07 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\447219907.exe" file.
20/11/07 19:32:48 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\7JBQ0OOX\N2_21_09_07_0[1].EXE" file.
20/11/07 19:32:48 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\2113599880.exe" file.
20/11/07 19:33:08 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\2113599880.EXE" file.
20/11/07 20:57:53 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8DEJO563\N2_21_09_07_0[1].EXE" file.
20/11/07 20:57:53 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\2072229514.exe" file.
20/11/07 20:58:07 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\2072229514.EXE" file.
20/11/07 21:39:34 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\321338723.EXE" file.
20/11/07 21:39:35 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\321338723.exe" file.
20/11/07 22:14:32 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\IDE9MN0V\N2_21_09_07_0[1].EXE" file.
20/11/07 22:14:32 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\985493229.exe" file.
20/11/07 22:14:48 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\985493229.EXE" file.
20/11/07 22:32:36 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\IDE9MN0V\N2_21_09_07_0[1].EXE" file.
20/11/07 22:32:37 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1108543154.exe" file.
20/11/07 22:51:24 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\IDE9MN0V\N2_21_09_07_0[1].EXE" file.
20/11/07 22:51:25 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1863607070.exe" file.
20/11/07 22:52:27 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\1863607070.EXE" file.
21/11/07 19:20:27 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\UIRQALVB\N2_21_09_07_0[1].EXE" file.
21/11/07 19:20:27 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1445053857.exe" file.
21/11/07 20:16:27 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\IDE9MN0V\N2_21_09_07_0[1].EXE" file.
21/11/07 20:16:28 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\TEMP\1461246895.exe" file.
Here are the HJT scans.
In safe mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:25, on 20/11/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TridTray] c:\windows\SYSTEM\tridtray.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Initialize8x8] c:\windows\pinnacle\PCTV\8x8_init.exe
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\Tiny Disk\Tiny Disk\TinyMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\Tiny Disk\Tiny Disk\USBTD.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ICSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [icf] c:\windows\system\icf.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [DkService] c:\Program Files\Executive Software\DiskeeperWorkstation\DkService.exe
O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\.DEFAULT\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
In normal mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:34, on 20/11/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TRIDTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TINY DISK\TINY DISK\TINYMON.EXE
C:\PROGRAM FILES\TINY DISK\TINY DISK\USBTD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\FR\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\ICF.EXE
C:\WINDOWS\SYSTEM\W98EJECT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TridTray] c:\windows\SYSTEM\tridtray.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Initialize8x8] c:\windows\pinnacle\PCTV\8x8_init.exe
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\Tiny Disk\Tiny Disk\TinyMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\Tiny Disk\Tiny Disk\USBTD.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ICSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [icf] c:\windows\system\icf.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [DkService] c:\Program Files\Executive Software\DiskeeperWorkstation\DkService.exe
O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\.DEFAULT\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
Thank you for your help.