Rapport Hijackthis

[Mazayes]

Bonsoir, j'ai suivi les tutos et je ne suis pas sur de moi merci d'avance pour votre aide

le rapport AVSCAN et le hijack à la suite:

 

 

AntiVir PersonalEdition Classic

Report file date: lundi 4 décembre 2006 19:41

 

Scanning for 574425 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Session

Computer name: AUBOULOT

 

Version information:

AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 11:06:58

AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 11:56:34

LUKE.DLL : 7.0.0.47 118824 07/09/2006 11:32:34

LUKERES.DLL : 7.0.0.47 9256 07/09/2006 11:56:34

ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 11:35:28

ANTIVIR1.VDF : 6.36.1.24 2212864 14/11/2006 18:13:42

ANTIVIR2.VDF : 6.36.1.113 221696 01/12/2006 18:13:42

ANTIVIR3.VDF : 6.36.1.126 73216 04/12/2006 18:13:42

AVEWIN32.DLL : 7.2.0.46 1925632 04/12/2006 18:13:42

AVPREF.DLL : 7.0.0.2 23592 24/07/2006 13:36:06

AVREP.DLL : 6.36.1.111 983080 04/12/2006 18:13:42

AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 09:43:32

AVPACK32.DLL : 7.2.0.5 368680 04/12/2006 18:13:44

AVREG.DLL : 6.31.0.90 27688 28/07/2005 11:06:36

NETNT.DLL : 6.32.0.0 6696 27/09/2005 08:56:50

NETNW.DLL : 7.0.0.0 9768 24/07/2006 13:35:56

RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 12:22:58

RCTEXT.DLL : 7.0.1.4 77864 04/12/2006 18:13:42

 

Configuration settings for the scan:

Jobname.......................: Manual Selection

Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Boot sectors..................: C,D,E

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,1005,

Macro heuristic...............: 1

File heuristic................: 3

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: lundi 4 décembre 2006 19:41

 

 

The scan of running processes will be started

4 Processes were scanned

 

Start scanning boot sectors:

 

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 44 files ).

 

 

Starting the file scan:

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SYSTEM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SOFTWARE

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\DEFAULT

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Session\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\Session\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Session\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Session\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\Session\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-337f00c0.zip

[0] Archive type: ZIP

--> HiPointInstallShieldRT.class

[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen

[iNFO] The file was deleted!

C:\SDFix\backups1\backups.zip

[0] Archive type: ZIP

--> backups/16exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/16exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/55exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/47exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/3exmodul32f.b.exe

[DETECTION] Is the Trojan horse TR/Proxy.Ho.OR.51.B

--> backups/7exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/49exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/53exmodul32f.b.exe

[DETECTION] Is the Trojan horse TR/Proxy.Ho.OR.51.B

--> backups/26exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/42exmodul32f.b.exe

[DETECTION] Is the Trojan horse TR/Proxy.Ho.OR.51.B

--> backups/39exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/81exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/69exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/94exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/61exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/82exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/65exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/6exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/20exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/56exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/17exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/79exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/59exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/14exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/69exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/51exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/29exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/90exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/5exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/96exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/96exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/1exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/54exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/7exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/41exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/92exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/44exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/4exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/82exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/59exhdd.m.exe

[DETECTION] Is the Trojan horse TR/Dldr.Horst.EG.1

--> backups/74exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/34exssd32.q.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.KQ.9

--> backups/39exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/4exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

--> backups/38exmodul32f.c.exe

[DETECTION] Is the Trojan horse TR/Proxy.Horst.PZ

[WARNING] The file was ignored!

The path E:\ could not be found!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: lundi 4 décembre 2006 21:45

Used time: 2:04:01 min

 

The scan has been done completely.

 

4499 Scanning directories

364676 Files were scanned

46 viruses and/or unwanted programs were found

1 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

8684 Archives were scanned

20 Warnings

44 Notes

 

-----------------------------------------------------------------------------

---------------------------------------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:09:22, on 04/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijack\HijackThis.exe

[Apollo]

Bonsoir et bienvenue sur les forums Zébulon!

 

Ton rapport Hijackthis n'est pas complet,refais-le et reposte le nouveau log stp.

 

TéléchargerAVG AntiSpyware 7.5

 

Faire la mise à Jour.

 

Dans l'onglet Analyse, cliquer sur Paramètres, cliquer alors sur Actions recommandées et choisir Quarantaine.

 

 

Passer en mode sans échec (tapoter F8 au redémarrage du pc) et cliquer sur Analyse: choisir: Analyse complète du système

 

A la fin du scan,si des malwares sont détectés, cliquer sur appliquer à tout

 

 

sauvegarder le rapport en cliquant sur Enregistrer le rapport d'analyse puis sur Enregistrer les rapport sous: choisir "bureau"

 

Poster ce rapport sur le forum ainsi qu'un nouveau rapport Hijackthis fait en mode normal.

 

NB: cette méthode est employée pour des analyses profondes, mais des scans réguliers peuvent aussi être faits en mode normal.

 

Je te laisse entre les mains de spécialistes de sécurité.

[flit]

Bonsoir et bienvenue sur les forums Zébulon!

 

Ton rapport Hijackthis n'est pas complet,refais-le et reposte le nouveau log stp.

 

TéléchargerAVG AntiSpyware 7.5

 

Faire la mise à Jour.

 

Dans l'onglet Analyse, cliquer sur Paramètres, cliquer alors sur Actions recommandées et choisir Quarantaine.

 

 

Passer en mode sans échec (tapoter F8 au redémarrage du pc) et cliquer sur Analyse: choisir: Analyse complète du système

 

A la fin du scan,si des malwares sont détectés, cliquer sur appliquer à tout

 

 

sauvegarder le rapport en cliquant sur Enregistrer le rapport d'analyse puis sur Enregistrer les rapport sous: choisir "bureau"

 

Poster ce rapport sur le forum ainsi qu'un nouveau rapport Hijackthis fait en mode normal.

 

NB: cette méthode est employée pour des analyses profondes, mais des scans réguliers peuvent aussi être faits en mode normal.

 

Je te laisse entre les mains de spécialistes de sécurité.

 

 

je suis nouveau ici,donc bonsoir a tous

 

quand je vois le post de Liegeois,çà me rappelle qq1 qui m'a beaucoup aide y a pas encore si longtemps

 

si c'est un de ses emules,Bravo

 

 

@+

[Apollo]

Emule, y'a des mots à ne pas citer ici

 

Bon, tu connais Apollo, moi aussi.