Trojan got in or not?

poitevine
Apprentice expert

Female   Number of posts: 204
Age: 41
Location: Vendée
Reputation: 0
Registered: 11/10/2005

Your PC configuration
Processor, RAM: Intel Centrino Duo, 1024 MB RAM, 1666 MHz
Graphics card, hard disk: NVIDIA GeForce Go 7300, ST98823A (74 GB, IDE)
Operating system, service pack: XP Pro SP3

Subject: Trojan got in or not?   Fri 10 Jul - 14:15

While visiting a site link (I was doing a search on the history of telecoms), I got an Avast warning about a Trojan potentially getting in. I deleted it straight away and emptied my tmp, since it was supposedly lodged in there. But just in case, I'm posting Avast's warning log and a HijackThis report (in separate posts).
poitevine

Subject: Re: Trojan got in or not?   Fri 10 Jul - 14:17

Avast report on the trojan:

04/12/2008 11:28:16 1228386496 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\svedqckw.dll" file.
04/12/2008 11:28:42 1228386522 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\bcgattcp.dll" file.
04/12/2008 11:28:51 1228386531 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\domqpypu.dll" file.
04/12/2008 11:28:54 1228386534 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\leqbaist.dll" file.
04/12/2008 11:28:57 1228386537 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\womqjjyh.dll" file.
04/12/2008 11:29:00 1228386540 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\ewskxvon.dll" file.
04/12/2008 11:29:03 1228386543 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\swddoash.dll" file.
04/12/2008 11:29:03 1228386543 cassegrain 2276 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\WINDOWS\system32\oliikxac.dll\[UPX]" file.
04/12/2008 11:29:07 1228386547 cassegrain 2276 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\WINDOWS\system32\hyomwchw.dll\[UPX]" file.
04/12/2008 11:29:08 1228386548 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\shewswos.dll" file.
04/12/2008 11:29:12 1228386552 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\abrjssjm.dll" file.
04/12/2008 11:29:15 1228386555 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\ahbmmtgn.dll" file.
04/12/2008 11:29:16 1228386556 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\awrfscnk.dll" file.
04/12/2008 11:29:17 1228386557 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\tvqqpujm.dll" file.
04/12/2008 11:29:18 1228386558 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\eiogwicc.dll" file.
04/12/2008 11:29:19 1228386559 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\odomorqa.dll" file.
04/12/2008 11:29:32 1228386572 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\oglypten.dll" file.
04/12/2008 12:00:10 1228388410 cassegrain 2276 Sign of "Win32:Navipo [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP29\A0012711.exe" file.
04/12/2008 12:05:36 1228388736 cassegrain 2276 Sign of "Win32:Navipo [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP60\A0017434.exe" file.
04/12/2008 12:07:34 1228388854 cassegrain 2276 Sign of "Win32:Navipo [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP60\A0017520.exe" file.
04/12/2008 12:11:46 1228389106 cassegrain 2276 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP65\A0018097.exe" file.
04/12/2008 12:12:08 1228389128 cassegrain 2276 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP65\A0018098.exe" file.
04/12/2008 12:14:09 1228389249 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024369.dll" file.
04/12/2008 12:14:34 1228389274 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024370.dll" file.
04/12/2008 12:14:46 1228389286 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024371.dll" file.
04/12/2008 12:14:46 1228389286 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024372.dll" file.
04/12/2008 12:14:47 1228389287 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024373.dll" file.
04/12/2008 12:14:47 1228389287 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024374.dll" file.
04/12/2008 12:14:48 1228389288 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024375.dll" file.
04/12/2008 12:14:49 1228389289 cassegrain 2276 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024376.dll\[UPX]" file.
04/12/2008 12:14:49 1228389289 cassegrain 2276 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024377.dll\[UPX]" file.
04/12/2008 12:14:50 1228389290 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024378.dll" file.
04/12/2008 12:14:51 1228389291 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024379.dll" file.
04/12/2008 12:14:51 1228389291 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024380.dll" file.
04/12/2008 12:14:52 1228389292 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024381.dll" file.
04/12/2008 12:14:53 1228389293 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024382.dll" file.
04/12/2008 12:14:54 1228389294 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024383.dll" file.
04/12/2008 12:14:56 1228389296 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024384.dll" file.
04/12/2008 12:14:57 1228389297 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP74\A0024385.dll" file.
05/12/2008 10:33:50 1228469630 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/12/2008 16:29:45 1228490985 SYSTEM 1836 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/12/2008 17:14:39 1228493679 SYSTEM 1816 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/12/2008 20:39:36 1228505976 SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
06/12/2008 12:57:47 1228564667 SYSTEM 1820 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/12/2008 16:13:22 1228662802 SYSTEM 1956 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/12/2008 10:41:04 1228729264 SYSTEM 1964 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/12/2008 15:46:33 1228747593 SYSTEM 1844 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/12/2008 10:51:08 1228816268 SYSTEM 1968 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/12/2008 15:47:07 1228834027 SYSTEM 1844 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/12/2008 09:53:20 1228899200 SYSTEM 1840 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
20/12/2008 11:46:25 1229769985 SYSTEM 2024 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
22/12/2008 10:44:55 1229939095 SYSTEM 1960 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
22/12/2008 16:11:12 1229958672 SYSTEM 1868 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
23/12/2008 10:40:05 1230025205 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
24/12/2008 10:44:51 1230111891 SYSTEM 1856 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
25/12/2008 12:02:51 1230202971 SYSTEM 1968 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
30/12/2008 11:06:02 1230631562 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
30/12/2008 14:10:45 1230642645 SYSTEM 1848 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
31/12/2008 13:56:29 1230728189 SYSTEM 1840 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
03/01/2009 10:47:33 1230976053 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
03/01/2009 16:07:26 1230995246 SYSTEM 1852 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/01/2009 10:01:52 1231059712 SYSTEM 2016 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/01/2009 10:51:19 1231149079 SYSTEM 1976 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
06/01/2009 11:28:10 1231237690 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/01/2009 17:30:11 1231345811 SYSTEM 164 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/01/2009 11:19:08 1231496348 SYSTEM 1844 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
09/01/2009 14:16:22 1231506982 SYSTEM 1976 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2009 10:12:40 1231578760 SYSTEM 2016 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2009 16:11:12 1231600272 SYSTEM 1848 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/01/2009 10:24:10 1231752250 SYSTEM 1976 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/01/2009 15:56:28 1231772188 SYSTEM 1876 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
13/01/2009 10:34:28 1231839268 SYSTEM 2012 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
13/01/2009 15:21:51 1231856511 SYSTEM 1844 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
14/01/2009 10:11:25 1231924285 SYSTEM 1972 Sign of "VBS:Malware-gen" has been found in "http://yry.star.ro/expl/E-Greetings.exe\a.reg" file.
14/01/2009 10:11:39 1231924299 SYSTEM 1972 Sign of "VBS:Malware-gen" has been found in "C:\Documents and Settings\cassegrain\Local Settings\Temporary Internet Files\Content.IE5\6IIWR7VJ\E-Greetings[1].exe\a.reg" file.
14/01/2009 10:11:44 1231924304 SYSTEM 1972 Sign of "IRC:Malware-gen" has been found in "C:\Documents and Settings\cassegrain\Local Settings\Temporary Internet Files\Content.IE5\6IIWR7VJ\E-Greetings[1].exe\ident.txt" file.
14/01/2009 10:11:46 1231924306 SYSTEM 1972 Sign of "VBS:Malware-gen" has been found in "C:\Documents and Settings\cassegrain\Local Settings\Temporary Internet Files\Content.IE5\6IIWR7VJ\E-Greetings[1].exe\run.bat" file.
14/01/2009 15:56:32 1231944992 SYSTEM 1844 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
15/01/2009 10:51:33 1232013093 SYSTEM 1960 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/04/2009 13:47:25 1239191245 cassegrain 3896 Sign of "BV:AutoRun-G [Wrm]" has been found in "F:\Autorun.inf" file.
08/04/2009 13:47:51 1239191271 cassegrain 3896 Sign of "Win32:VB-HIP [Wrm]" has been found in "F:\Recycled\INFO.EXE\[Embedded_R#SYSTEM]" file.
08/04/2009 13:47:58 1239191278 cassegrain 3896 Sign of "Win32:Trojan-gen {Other}" has been found in "F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe" file.
27/04/2009 13:43:30 1240832610 cassegrain 1844 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\DCIM\100MLT02\PICT0244.JPG (F:\DCIM\100MLT02\PICT0244.JPG) returning error, 0000001E.
12/05/2009 10:18:31 1242116311 SYSTEM 1948 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/05/2009 10:18:31 1242116311 SYSTEM 1948 An error has occured while attempting to update. Please check the logs.
12/05/2009 11:30:46 1242120646 SYSTEM 1840 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\RealPlayer11GOLD_fr.exe\[Embedded_O#15000]" file.
18/05/2009 14:28:01 1242649681 cassegrain 5600 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP148\A0039353.exe\[Embedded_O#15000]" file.
16/06/2009 14:45:26 1245156326 cassegrain 5020 Sign of "Win32:Agent-AFJZ [Trj]" has been found in "C:\WINDOWS\ComboFix.exe" file.
16/06/2009 15:43:16 1245159796 cassegrain 5020 Sign of "Win32:Agent-AFJZ [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP169\A0043088.exe" file.
19/06/2009 10:42:56 1245400976 SYSTEM 1840 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
19/06/2009 12:10:25 1245406225 SYSTEM 1872 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/07/2009 16:03:25 1247234605 SYSTEM 352 Sign of "HTML:Iframe-inf" has been found in "http://www.beiret-communication.com/" file.
10/07/2009 16:03:26 1247234606 SYSTEM 352 Sign of "JS:Downloader-CC [Trj]" has been found in "C:\Documents and Settings\cassegrain\Local Settings\Temporary Internet Files\Content.IE5\R9WGELQB\index[2].htm" file.
10/07/2009 16:04:35 1247234675 SYSTEM 352 Sign of "HTML:Iframe-inf" has been found in "http://www.beiret-communication.com/" file.
10/07/2009 16:04:47 1247234687 SYSTEM 352 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\cassegrain\Local Settings\Temporary Internet Files\Content.IE5\GPCY2Y4Y\beiret-communication_com[1].htm" file.
10/07/2009 16:05:02 1247234702 SYSTEM 352 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\cassegrain\Local Settings\Temporary Internet Files\Content.IE5\0O86UH92\beiret-communication_com[1].htm" file.
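The log above is a flat list, and the question the thread asks (did the trojan get in?) turns on where each detection sat. The Python below is an added example, not code from the thread or from Avast: it parses lines in this log's format, labels each hit by location (the label names are this example's own), and gives a per-day verdict; the sample lines are copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Avast 4 warning-log line layout, as seen in the log above:
#   DD/MM/YYYY HH:MM:SS <epoch> <user> <pid> <message>
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<epoch>\d+) "
    r"(?P<user>\S+) (?P<pid>\d+) (?P<msg>.*)$"
)
# Detection messages: Sign of "<name>" has been found in "<object>" file.
SIGN_RE = re.compile(r'^Sign of "(?P<name>[^"]+)" has been found in "(?P<path>.+)" file\.$')
UPDATE_FAILURE = "setifaceUpdatePackages() has failed"

# Sample input: six representative lines copied from the log posted above.
SAMPLE_LINES = [
    r'04/12/2008 11:28:16 1228386496 cassegrain 2276 Sign of "Win32:Agent-QHK [Trj]" has been found in "C:\WINDOWS\system32\svedqckw.dll" file.',
    r'04/12/2008 12:00:10 1228388410 cassegrain 2276 Sign of "Win32:Navipo [Trj]" has been found in "C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP29\A0012711.exe" file.',
    r'05/12/2008 10:33:50 1228469630 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.',
    r'08/04/2009 13:47:25 1239191245 cassegrain 3896 Sign of "BV:AutoRun-G [Wrm]" has been found in "F:\Autorun.inf" file.',
    r'10/07/2009 16:03:25 1247234605 SYSTEM 352 Sign of "HTML:Iframe-inf" has been found in "http://www.beiret-communication.com/" file.',
    r'10/07/2009 16:03:26 1247234606 SYSTEM 352 Sign of "JS:Downloader-CC [Trj]" has been found in "C:\Documents and Settings\cassegrain\Local Settings\Temporary Internet Files\Content.IE5\R9WGELQB\index[2].htm" file.',
]


def parse_line(line):
    """Split one log line into fields; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%d/%m/%Y %H:%M:%S")
    rec["epoch"] = int(rec["epoch"])
    rec["pid"] = int(rec["pid"])
    sign = SIGN_RE.match(rec["msg"])
    rec["detection"] = sign.group("name") if sign else None
    rec["path"] = sign.group("path") if sign else None
    return rec


def classify_location(path):
    """Label where the detected object sat (labels are this example's own names)."""
    p = path.lower()
    if p.startswith(("http://", "https://")):
        return "web_shield"        # flagged in transit by the web scanner
    if "\\temporary internet files\\" in p:
        return "browser_cache"     # landed in the IE cache, not necessarily executed
    if "\\system volume information\\" in p:
        return "restore_point"     # old copy kept by System Restore
    if "\\windows\\" in p:
        return "system_dir"        # inside the Windows directory: a live-system hit
    if re.match(r"^[a-z]:\\", p) and not p.startswith("c:\\"):
        return "other_drive"       # another drive letter, e.g. removable media
    return "other"


def triage(lines):
    """Summarise a whole log: what was found, where, and whether updates were failing."""
    recs = [r for r in map(parse_line, lines) if r]
    hits = [r for r in recs if r["detection"]]
    return {
        "parsed": len(recs),
        "detections": len(hits),
        "by_location": dict(Counter(classify_location(r["path"]) for r in hits)),
        "by_name": dict(Counter(r["detection"] for r in hits)),
        "update_failures": sum(1 for r in recs if UPDATE_FAILURE in r["msg"]),
        "last_detection": max((r["when"] for r in hits), default=None),
    }


def event_verdict(lines, day):
    """Verdict for one day's alerts (day as DD/MM/YYYY): 'blocked' when every hit sat in
    the web shield or browser cache, 'old_copies_only' when the rest were restore-point
    copies, 'live_system_hit' when anything reached a real path on disk."""
    hits = [r for r in map(parse_line, lines) if r and r["detection"] and r["date"] == day]
    if not hits:
        return "no_detections"
    locations = {classify_location(r["path"]) for r in hits}
    if locations <= {"web_shield", "browser_cache"}:
        return "blocked"
    if locations <= {"web_shield", "browser_cache", "restore_point"}:
        return "old_copies_only"
    return "live_system_hit"


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
    for day in ("04/12/2008", "10/07/2009"):
        print(day, "->", event_verdict(SAMPLE_LINES, day))
```

On the sample, the 10/07/2009 alert classifies as "blocked" (web shield plus IE cache only), while the 04/12/2008 hits in system32 classify as a live-system hit; the repeated update failures are counted separately because an antivirus that cannot update is the other thing worth noticing in this log.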
poitevine

Subject: Re: Trojan got in or not?   Fri 10 Jul - 14:18

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:13, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mes données\OrangeDrvHome.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OnlineStorage] C:\Program Files\mes données\OrangeDrvHome.exe -startup
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.orange.fr
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Office Outlook View Control) - http://activex.microsoft.com/activex/controls/office/outlctlx.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/36.23/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/objimageuploader/html_include/5.1.1.0/ImageUploader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - https://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB1362C-F486-4B2D-B94B-DFC6A172F4A8}: NameServer = 192.168.1.1
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 12794 bytes
Richard1
Moderator

Male   Number of posts: 4278
Age: 71
Location: Montréal-Canada
Reputation: 15
Registered: 16/05/2005

Your PC configuration
Processor, RAM:
Graphics card, hard disk:
Operating system, service pack:

Subject: Re: Trojan got in or not?   Fri 10 Jul - 16:07

Hello AMHi poitevine,

No need to worry when our antivirus finds a virus or a trojan: that's what it's there for. Mine, my Panda antivirus, regularly finds trojans and sometimes viruses. It warns me about phishing, informs me immediately and does what's needed on the spot.

A good firewall is also necessary. For example, mine (included in Panda) blocked 632 intrusion attempts and 2 unknown threats last week. I almost forgot to mention that you must always keep your antivirus up to date.

*****

Everything is OK in your log.
You can tick the following lines and click FixChecked; your computer will only be better for it:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?

Restart your computer and... everything will be OK.

Have a good day!

AMHi-cally yours
Taz6700
Apprentice expert

Male   Number of posts: 281
Age: 29
Location: Alsace (67)
Reputation: 0
Registered: 20/08/2006

Your PC configuration
Processor, RAM: Intel Core 2 Quad 2.4 GHz / 4 GB DDR2
Graphics card, hard disk: GeForce fx8800GT 512 MB / Hard disk: 500 GB + 80 GB
Operating system, service pack: Windows Seven Ultimate 64-bit

Subject: Re: Trojan got in or not?   Fri 10 Jul - 16:27

hello,

Richard1 wrote:
For example, mine (included in Panda) blocked 632 intrusion attempts and 2 unknown threats last week

And there I was thinking I was a regular with my weekly problems (432 intrusions); seeing your figures reassures me!

Have a good day,

Taz6700
Richard1

Subject: Re: Trojan got in or not?   Fri 10 Jul - 17:59

lolllll

Hi Taz!
poitevine

Subject: Re: Trojan got in or not?   Fri 10 Jul - 18:16

Well, after restarting my computer, no damage, phew!
As a firewall, I have the Windows one, which is enabled.
I had also run a scan of my Local Settings folder with Malwarebytes Anti-Malware, which found nothing.
On the other hand, since it was via a link I had clicked that I caught this trojan, what I did was: Tools > Options > Security tab > Restricted sites (security set higher) > Sites > I entered the offending address. I don't know if that's enough, but at least I'll have tried to limit the damage!
chrifleur
Moderator

Female   Number of posts: 686
Age: 63
Reputation: 1
Registered: 01/10/2006

Subject: Trojan got in or not?   Sun 12 Jul - 14:35

hello everyone
to be certain, an RSIT scan and a full Malwarebytes scan of the whole computer (My Computer), not just Local Settings