Backdoor, trojan problems

3 January 2006 00:18:44

Hello everyone,
I have just discovered the site, which looks very good to me,
as does this forum.
I have a serious problem: having had no internet for months, I reconnected unprotected and caught numerous viruses, trojans and I don't know what else. I formatted but it did nothing.
After reading a few discussions on the forum I produced an error report, which is here:

Scan Results:
scan start: 02/01/2006 23:35:59
scan stop: 02/01/2006 23:39:54
scanned items: 44100
found items: 45
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Infection Name Location Risk
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv## High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv##Type High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv##Start High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv##ErrorControl High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv##ImagePath High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv##DisplayName High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv\Security High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv\Security## High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Services\rdriv\Security##Security High
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##Type Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##0 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##Count Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##NextInstance Elevated
Trojan.Dropper.Agent.TK HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate##DoNotAllowXPSP2 High
Trojan.Win32.Sdbot-QG HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##Configuration Loader High
Known Bad Sites C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ANKXYVCY\searchbar.findthewebsiteyouneed[1].htm High
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ANKXYVCY\config[1].htm Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\07AHSBWX\css_fr[1].css Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\WH2VLPIP\phone[1].gif Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ANKXYVCY\bulkplugin[1].htm Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\WH2VLPIP\3[1].gif Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\07AHSBWX\sponsoradulto[1].gif Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\WH2VLPIP\bulkplugin[1].htm Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\WH2VLPIP\1[2].gif Medium
Trojan.Dialer.FU C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\WH2VLPIP\2[1].gif Medium
Tracking Cookie(s) C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[1].txt Medium
Common Components for Claria C:\Documents and Settings\Propriétaire\Cookies\propriétaire@belnk[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Propriétaire\Cookies\propriétaire@xiti[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[2].txt Medium
Trojan.Downloader.VB.RI C:\WINDOWS\drsmartload.dat Elevated
SP2Update C:\WINDOWS\teller2.chk High
Trojan.Startpage.AW C:\WINDOWS\timessquare1.dat High
TargetSavers C:\Program Files\Fichiers communs\urfi\urfid\class-barrel High
TargetSavers C:\Program Files\Fichiers communs\urfi\urfid\urfic.dll High
TargetSavers C:\Program Files\Fichiers communs\urfi\urfid\vocabulary High
I-Search Desktop Search Toolbar C:\WINDOWS\c2FiYWRv\wZI2sqlS.vbs Elevated
I-Search Desktop Search Toolbar C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\07AHSBWX\installer[1].exe Elevated
PurityScan C:\WINDOWS\system32\wcpsu.exe High
I-Search Desktop Search Toolbar C:\WINDOWS\Temp\cmdinst.exe Elevated
TargetSavers C:\WINDOWS\Temp\tsinstall_4_0_4_0_b4.exe High


Thank you in advance for being willing to help me... and I promise I will try to protect myself better and to learn about the various problems encountered on the net.
Computing is wonderful but so vast!!
Er... at 30 it's not too late to take an interest in it!!

3 January 2006 00:32:09

In the end, I'm leaving you the HijackThis report, which is often requested.

Logfile of HijackThis v1.99.1
Scan saved at 00:30:10, on 03/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\NeroFil.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\BF410YHO\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {04C1A2BD-1E02-66F3-22E4-64834CDBCB9D} - C:\WINDOWS\System32\vxnvpc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\Run: [NeroFil] NeroFil.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [Realsched.exe] C:\WINDOWS\Debug\UserMode\Update.exe C:\WINDOWS\Debug\UserMode\sm56help.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\System32\00xstmp.exe
O4 - HKLM\..\Run: [Registry Value Name] service.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\RunServices: [NeroFil] NeroFil.EXE
O4 - HKLM\..\RunServices: [Registry Value Name] service.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NeroFil] NeroFil.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [NeroFil] NeroFil.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: printpnp - printpnp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe (file missing)
