Se connecter / S'enregistrer
Votre question

Comment supprimer le virus Trojan.cachecachekit (pb sur rdriv.sys)

Tags :
  • Virus
  • Sécurité
Dernière réponse : dans Sécurité et virus
3 Novembre 2005 14:51:57

Bonjour,
mon pc a choppé le virus Trojan.cachecachekit que détecte mon norton V9.
par contre, bien entendu, Norton, le detecte mais ne le supprime pas, j'ai des notifications Norton toutes les minutes pour me dire que le trojan a été détecté et que le fichier rdriv.sys a été supprimé....

Voici la log de HighJack, merci de me dire ce que je peux faire pour me débarrassé de cette m---.
Merci d'avance.

Montilov.


Logfile of HijackThis v1.99.1
Scan saved at 14:36:06, on 03/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\nicolas.valentin\My Documents\Perso\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://portal.accenture.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.1.25.153:80/proxy.pac
O1 - Hosts: 152.9.126.5 fr0-mailmb10
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [tgcmd] "C:\Progra~1\Support.com\bin\tgcmd.exe " /nosystray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ENC GLUE INTERNET DRV] C:\Documents and Settings\All Users\Application Data\Itch Each Enc Glue\AUDIO 64.exe
O4 - HKLM\..\RunServices: [SetPoint] SetPoint.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Slow Stop] C:\DOCUME~1\NICOLA~1.VAL\APPLIC~1\MODEEL~1\rule2idle.exe
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: *.accenture.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1416D7C8-8A28-11CF-9236-444553540000} (Infragistics Data Explorer Control) - https://mylearning-lms6.accenture.com/docent/lms/pvxplo...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42442236-3673-4054-89C0-A7408BC51EFC} (SDLNSrvr.clsNotes) - https://methodology.accenture.com/codebase/SDLnSrvr_Cha...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - https://virtualclassroomext.accenture.com/SiteRoots/mai...
O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://merc-int.webex.com/client/v_mywebex/webex/ieatg...
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - http://fr0-prter-21.eu.airbus.corp:81/eroomsetup/client...
O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = Accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com,internal.accenture.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Accenture.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com,internal.accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com,internal.accenture.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
O23 - Service: IgniteService - Unknown owner - C:\Program Files\Accenture Connection\9341989\Program\IgniteService.exe" -Service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Accenture Media Viewer (MediaViewer) - - c:\program files\firm applications\media viewer\services\streamviewerservice.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe




Autres pages sur : supprimer virus trojan cachecachekit rdriv sys

3 Novembre 2005 14:54:09

Je ne sais pas analyser les logs hijackthis, tout ce que je peux te dire, c'est de passer un coup de
- ad-aware
- Spybot
- A² free
le tout en mode sans echec.
3 Novembre 2005 16:08:36

Merci pour l'information.
Je vais essayer tous ces trucs, j'espere que l'un d'entres eux arrivera à nettoyer.

Montilov.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS