an annoying virus or trojan...

an annoying virus or trojan... - Security - Windows & Software

Marsh Posted on 22-11-2006 at 10:08:36

Hello,
My PC has really been giving me grief since this weekend...
I have a trojan or a virus that Avast does not detect and that is apparently sending spam or who knows what from my computer.
I had noticed that my machine had been crawling for several days; bad luck, Avast's licence had expired. I renewed the licence, ran a full scan, it found two or three bits of junk and squashed them, and that's that... but one anomaly remains: I have files like "dior4f415121231.exe" (3 or 4 of them in the same session) present at startup, and Avast tells me "Warning, a possible infection has been detected" and shows me a message along the lines of too many successive send attempts to the address tartempion@toto.com ....
When I saw that, I removed the dior4f41213211.exe files from my startup list with Regcleaner... but they come back at every reboot. I tried a round of Ad-Aware and Yahoo Anti-Spy... they removed my spyware. But the problem is far from solved...

Any advice???

Thanks!

Freed


Marsh Posted on 22-11-2006 at 11:09:40

A quick online antivirus scan, for instance secuser.com or on the Panda antivirus site... go through Internet Explorer :-( because these online scanners generally use ActiveX. That alone should help you.
If that doesn't work, run a quick HijackThis scan and post your log.

@+

Dams


Marsh Posted on 24-11-2006 at 07:00:40

Logfile of HijackThis v1.99.1
Scan saved at 06:56:47, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\EASYPH~1\Apache\apache.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
D:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
D:\PROGRA~1\EASYPH~1\Apache\apache.exe
D:\Program Files\No-IP\DUC20.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Tablet.exe
D:\Program Files\UltraVNC\WinVNC.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\USBIR\FrontPanelIo.exe
D:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\EasyPHP1-7\easyphp.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\MESDOC~1\FTP_SE~1\ftpserv.exe
C:\downloads_folder\winamp\Y! Amp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\SystemControl\SystemControl\SystemControl.exe
D:\Program Files\No-IP\DUC20.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\SWiSHmax\SwishMax.exe
D:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
D:\DOCUME~1\Freed\LOCALS~1\Temp\Adobelm_Cleanup.0001
D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
D:\DOCUME~1\Freed\LOCALS~1\Temp\Adobelm_Cleanup.0001
D:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
D:\Program Files\Macromedia\Flash 8\Flash.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
D:\WINDOWS\system32\cjnr4r42114705.exe
D:\WINDOWS\system32\dior4f43834411.exe
D:\WINDOWS\system32\dior4f43834411.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\downloads_folder\antivirus et cie\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [USBIR] c:\Program Files\USBIR\FrontPanelIo.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EasyPHP] "D:\Program Files\EasyPHP1-7\easyphp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [FTP SERVER] C:\MESDOC~1\FTP_SE~1\ftpserv.exe
O4 - HKLM\..\Run: [Y! listening] C:\\downloads_folder\\winamp\\Y! Amp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DJ Console] D:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dior4f42323191] D:\WINDOWS\system32\dior4f42323191.exe
O4 - HKLM\..\Run: [dior4f4165671] D:\WINDOWS\system32\dior4f4165671.exe
O4 - HKLM\..\Run: [dior4f47435586] D:\WINDOWS\system32\dior4f47435586.exe
O4 - HKLM\..\Run: [cjnr4r41296485] D:\WINDOWS\system32\cjnr4r41296485.exe
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [sklrr7y5717363] D:\WINDOWS\system32\sklrr7y5717363.exe
O4 - HKLM\..\Run: [mlsdf8h3253639] D:\WINDOWS\system32\mlsdf8h3253639.exe
O4 - HKLM\..\Run: [cjnr4r42114705] D:\WINDOWS\system32\cjnr4r42114705.exe
O4 - HKLM\..\Run: [dior4f43834411] D:\WINDOWS\system32\dior4f43834411.exe
O4 - HKLM\..\RunServices: [dior4f42323191] D:\WINDOWS\system32\dior4f42323191.exe
O4 - HKLM\..\RunServices: [dior4f4165671] D:\WINDOWS\system32\dior4f4165671.exe
O4 - HKLM\..\RunServices: [dior4f47435586] D:\WINDOWS\system32\dior4f47435586.exe
O4 - HKLM\..\RunServices: [cjnr4r41296485] D:\WINDOWS\system32\cjnr4r41296485.exe
O4 - HKLM\..\RunServices: [sklrr7y5717363] D:\WINDOWS\system32\sklrr7y5717363.exe
O4 - HKLM\..\RunServices: [mlsdf8h3253639] D:\WINDOWS\system32\mlsdf8h3253639.exe
O4 - HKLM\..\RunServices: [cjnr4r42114705] D:\WINDOWS\system32\cjnr4r42114705.exe
O4 - HKLM\..\RunServices: [dior4f43834411] D:\WINDOWS\system32\dior4f43834411.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache - Unknown owner - D:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - D:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - D:\WINDOWS\lsass.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS\system32\Tablet.exe
O23 - Service: Print Spooler Service (tbyhqxyyuo5j3) - Unknown owner - D:\WINDOWS\system32\dior4f43834411.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
 

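The log above shows the pattern Freed describes in the first post: the same random-named binaries under HKLM\..\Run, again under HKLM\..\RunServices, and behind a service displayed as "Print Spooler Service" (tbyhqxyyuo5j3), plus a service "Microsoft sdk core" whose ImagePath is D:\WINDOWS\lsass.exe rather than the System32 copy. The script below is an added example, not code from this thread, from HijackThis or from Alwil. It parses O4 and O23 lines and flags entries using a few heuristics (random-looking file name, one binary held by several autostart locations, a service named like a built-in service but running another binary, a core system binary outside System32 or registered as a service at all); the heuristics, the lists of XP binaries and the excerpt it carries as sample input are all assumptions of the example.

```python
"""Triage of HijackThis O4 (Run/RunServices) and O23 (service) lines.

Added example for this thread, not code from the post, from HijackThis or from
Alwil. Every heuristic is this example's own assumption (see the comments).
"""
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: lines copied from the log posted above, two legitimate ones kept.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dior4f43834411] D:\WINDOWS\system32\dior4f43834411.exe
O4 - HKLM\..\Run: [cjnr4r42114705] D:\WINDOWS\system32\cjnr4r42114705.exe
O4 - HKLM\..\RunServices: [dior4f43834411] D:\WINDOWS\system32\dior4f43834411.exe
O4 - HKLM\..\RunServices: [cjnr4r42114705] D:\WINDOWS\system32\cjnr4r42114705.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - D:\WINDOWS\lsass.exe (file missing)
O23 - Service: Print Spooler Service (tbyhqxyyuo5j3) - Unknown owner - D:\WINDOWS\system32\dior4f43834411.exe
"""

class Entry(NamedTuple):
    kind: str      # 'run' for an O4 registry value, 'service' for an O23 line
    location: str  # 'HKLM\Run', 'HKLM\RunServices', 'Service:tbyhqxyyuo5j3', ...
    label: str     # Run value name or service display name
    binary: str    # executable path with quotes, arguments and '(file missing)' stripped

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$')
EXE_RE = re.compile(r'(?i)^"?(?P<path>[^"]*?\.exe)\b')
SYSTEM32_RE = re.compile(r'(?i)^[a-z]:\\windows\\system32\\[^\\]+$')

# Windows XP assumptions: these binaries only ever run from System32, and those in
# NEVER_A_SERVICE are started by smss/winlogon, so no genuine service points at them.
CORE_BINARIES = {'smss.exe', 'csrss.exe', 'winlogon.exe', 'services.exe', 'lsass.exe', 'svchost.exe', 'spoolsv.exe'}
NEVER_A_SERVICE = {'smss.exe', 'csrss.exe', 'winlogon.exe', 'services.exe', 'lsass.exe'}
# Built-in service display name -> the binary it really runs (assumption: XP default, short list).
BUILTIN_SERVICE_BINARY = {'print spooler': 'spoolsv.exe'}

def binary_of(command: str) -> str:
    """Reduce a Run value or service ImagePath to the executable it launches."""
    m = EXE_RE.match(command.replace('(file missing)', '').strip())
    return m['path'].strip() if m else command.strip()

def looks_random(stem: str) -> bool:
    """Long alphanumeric name with many digits, as in dior4f43834411."""
    return len(stem) >= 10 and stem.isalnum() and sum(c.isdigit() for c in stem) >= 6

def parse_log(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Entry('run', f"{m['hive']}\\{m['key']}", m['name'], binary_of(m['cmd'])))
            continue
        m = O23_RE.match(line.strip())
        if m:
            entries.append(Entry('service', f"Service:{m['short'] or m['display']}", m['display'], binary_of(m['path'])))
    return entries

def triage(text: str) -> dict:
    """Map each suspicious binary (lower-cased path) to the reasons it was flagged."""
    entries = parse_log(text)
    locations = defaultdict(set)
    for e in entries:
        locations[e.binary.lower()].add(e.location)
    findings = defaultdict(list)
    for e in entries:
        path = e.binary.lower()
        name = path.rsplit('\\', 1)[-1]
        stem = name[:-4] if name.endswith('.exe') else name
        reasons = []
        if looks_random(stem):
            reasons.append(f'random-looking file name {name}')
        if name in CORE_BINARIES and not SYSTEM32_RE.match(path):
            reasons.append(f'{name} is a core system binary but lives outside System32')
        if e.kind == 'service':
            if name in NEVER_A_SERVICE:
                reasons.append(f'{name} is started by smss/winlogon, never as a service')
            for display, real in BUILTIN_SERVICE_BINARY.items():
                if display in e.label.lower() and name != real:
                    reasons.append(f'service named like built-in "{display}" but runs {name}, not {real}')
        # Several locations explain why a deleted Run value is back after a reboot, but alone it is
        # weak (UltraVNC uses Run + service too): corroboration only, unless the Win9x-only RunServices key is used.
        locs = locations[path]
        if len(locs) > 1 and (reasons or any(l.endswith('RunServices') for l in locs)):
            reasons.append(f'registered in {len(locs)} autostart locations: {", ".join(sorted(locs))}')
        for r in reasons:
            if r not in findings[path]:
                findings[path].append(r)
    return dict(findings)

def suspicious_binaries(text: str) -> list:
    return sorted(triage(text))

if __name__ == '__main__':
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path, *('\n   - ' + r for r in reasons))
```

Run as-is it triages the embedded excerpt; pass the text of a full log to triage() for the real thing. Two caveats a practitioner would add: "(file missing)" is deliberately not a signal, because HijackThis 1.99.1 prints it for the perfectly valid avast and WinVNC services too, whose ImagePath ends in `exe" /service`; and a binary present in several autostart locations only counts as corroboration, since UltraVNC legitimately sits in both Run (-servicehelper) and a service. That multi-location finding is also the most likely explanation for the first post: a Run value removed with Regcleaner while the same binary is still running and still registered under RunServices and as a service is simply recreated.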

