no save
Identification
Assistance
Achat
News

Forum | virus/sécurité
ipassist.biz et autres pbs SCAN HIJACKING
masaccio, le dim. 08 mai 2005 à 23:25:42
J'ai eu pas mal de problèmes, le plus important étant que je n'arrive pas à redémarrer en mode sans échec. Impossible de sélectionner le mode après le F8 : les flèches haut/bas ne fonctionnent pas. Donc pas mal de fichiers que je n'arrive pas à supprimer car en cours d'exécution.

voilà le rapport ravantivirus
Scan started at 08/05/2005 22:52:02

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\richard\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv412.jar-313a61ea-427fd8e7.zip->Counter.class - Trojan:Java/ClassLoader -> Infected
C:\Documents and Settings\richard\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv412.jar-313a61ea-427fd8e7.zip->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
C:\Documents and Settings\richard\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv412.jar-313a61ea-427fd8e7.zip->Parser.class - Java/Bytverify -> Infected
C:\WINDOWS\axosdbrmglp.exe - Trojan:Win32/Small.DU -> Infected
C:\WINDOWS\installer_SIAC.exe - TrojanDownloader:Win32/Adload.E -> Infected
C:\WINDOWS\istinstall_si.exe - TrojanDownloader:Win32/Small.GL -> Infected
C:\WINDOWS\ms2.exe - Backdoor:Win32/Haxdoor.CN -> Infected
C:\WINDOWS\od-stnd245.exe - Tool:PornDialer.EQ -> Infected
C:\WINDOWS\od-stnd246.exe - Tool:PornDialer.EQ -> Infected
C:\WINDOWS\od-stnd318.exe - Tool:PornDialer.EQ -> Infected
C:\WINDOWS\isrvs\sysupd.dll - TrojanDownloader:Win32/Small.QT -> Infected
C:\WINDOWS\system32\polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8TAFGTYF\WksPatch[2].exe - Worm:Win32/Nachi.B.dam#2 -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8TAFGTYF\WksPatch[3].exe - Worm:Win32/Nachi.B.dam#2 -> Infected
C:\WINDOWS\system32\drivers\delprot.sys - VirTool:WinNT/Ispro.B -> Infected
F:\Téléchargements\Hijacking\backups\backup-20050508-212536-641.dll - TrojanDownloader:Win32/Lemmy.U -> Infected
F:\Téléchargements\Hijacking\backups\backup-20050508-212536-988.dll - TrojanDownloader:Win32/Small.QT -> Infected

Scanned
============================
Objects: 64333
Directories: 4873
Archives: 1185
Size(Kb): 1896581
Infected files: 17

Found
============================
Viruses found: 14
Suspicious files: 0
Disinfected files: 0
Mail files: 471


Voilà le hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 23:23:14, on 08/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10\WlanCU.exe
c:\windows\system32\kipsgga.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\richard\Bureau\IEXPLORE.EXE
C:\Program Files\Logitech\Video\AlbumDB2.exe
F:\Téléchargements\Hijacking\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: nvwrsdwf - {AEAC9A71-A167-21D3-86FC-DF7D6DF1E798} - C:\WINDOWS\System32\nvwrsdwf.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\daemon\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [xgavbkc] c:\windows\system32\kipsgga.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{40F2E534-F0C8-45BA-9AF0-0EF645F487C6}\SECURITY.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10\WlanCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Ya encore du boulot !
Merci pour tout, je suis ouvert à toute suggestion pour solutionner le reste !!!
Précédentballtrap34
mai 05
balltrap34
mai 05
Suivant
REPONSES
moe
mai 05
masaccio
mai 05
balltrap34
mai 05
moe
mai 05
balltrap34
mai 05
masaccio
mai 05
balltrap34
mai 05
masaccio
mai 05
moe
mai 05
masaccio
mai 05
Version Web
Mentions légales (c)2009
Réalisé par RedShift
no save