Trojan, comment faire pour m'en debarasser ?

Trojan, comment faire pour m'en debarasser ? - Win NT/2K/XP - Windows & Software

Marsh Posté le 03-12-2005 à 08:02:29    

Bonjour,
 
J'ai chopé il ya deux jours un triojan. Je n'arrive pas a m'en defaire.  
 
J'ai utilisé : Spybot, Microsoft anti spyware? ad aware, j'ai AVG comme antivirus.
 
Je poste un log HijackThis.
 
Je pense que les lignes en gras sont responsables mais j'aimerais en etre certain.
 
Merci de votre aide
 
Logfile of HijackThis v1.99.1
Scan saved at 7:57:38, on 3/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\HPPROPTY.EXE
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Alcatel\Secure VPN Client for Windows XP\Permit.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\d3iz32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Alcatel\Secure VPN Client for Windows XP\PermitNT.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dtnds.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dtnds.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dtnds.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dtnds.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dtnds.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dtnds.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dtnds.dll/sp.html#17702
R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {588FCF78-9883-FD4A-E7E4-8988603547DE} - C:\WINDOWS\system32\sdkso32.dll
O2 - BHO: Class - {929D9CB6-B915-B33C-CEB9-BFBCB95AA0D4} - C:\WINDOWS\system32\appjv32.dll (file missing)

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.fr.fr-be\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP LaserJet ToolBox] HPPROPTY.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PERMITStart] C:\Program Files\Alcatel\Secure VPN Client for Windows XP\Permit.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
[/b]O4 - HKLM\..\Run: [ipcj32.exe] C:\WINDOWS\ipcj32.exe
O4 - HKLM\..\Run: [sdkzm32.exe] C:\WINDOWS\sdkzm32.exe
O4 - HKLM\..\Run: [apibz.exe] C:\WINDOWS\system32\apibz.exe
O4 - HKLM\..\Run: [atlnt.exe] C:\WINDOWS\atlnt.exe
O4 - HKLM\..\Run: [ipky32.exe] C:\WINDOWS\system32\ipky32.exe
O4 - HKLM\..\Run: [mfcyq.exe] C:\WINDOWS\system32\mfcyq.exe
O4 - HKLM\..\Run: [appbv.exe] C:\WINDOWS\system32\appbv.exe
O4 - HKLM\..\Run: [d3iz32.exe] C:\WINDOWS\d3iz32.exe[/b]
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [ntfz.exe] C:\WINDOWS\ntfz.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntbj.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Alcatel Networks Secure VPN Client (PermitNTService) - Alcatel Networks Corporation - C:\Program Files\Alcatel\Secure VPN Client for Windows XP\PermitNT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
 

Reply

Marsh Posté le 03-12-2005 à 08:02:29   

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed