How do I remove viruses with OfficeScan?
remy-vtt
-
jlpjlp Posts 52399 Status Security contributor -
Hello,
I just ran a scan with my OfficeScan antivirus and noticed that I had 79 viruses =o.
Many of them are named TROJ_ (often VUNDO, but there are many different names), and also SPYW_VIRTUMONDE. But I can't manage to remove them with OfficeScan.
My PC is very slow, and when I go on the internet, advertising windows often open!
What should I do?
Please help me
Thanks
8 replies
Hi,
Scan with
Malwarebytes' Anti-Malware after updating it, in normal mode, remove whatever is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________________
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue at the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).
NB: The reports are saved in the C:\rsit folder
Logfile of random's system information tool 1.05 (written by random/random)
Run by Rémy at 2009-01-20 13:36:03
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 3 GB (13%) free of 19 GB
Total RAM: 254 MB (9% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:40, on 20/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\WI9A26.EXE
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Temp\Temporary Internet Files\Content.IE5\329485HE\RSIT[1].exe
C:\Program Files\trend micro\Rémy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtuspnN.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: {446f0dcc-e7b2-d4b9-03d4-984a5281c58d} - {d85c1825-a489-4d30-9b4d-2b7eccd0f644} - C:\WINDOWS\system32\aegvsd.dll
O2 - BHO: (no name) - {F594B8D3-C21F-4B03-B3F7-CAC8FF01E18C} - C:\WINDOWS\system32\geBtRkhH.dll
O3 - Toolbar: Mirar - {8FFA9BDC-600D-417F-90D0-03F395CACC8B} - C:\WINDOWS\system32\winab75.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Service] C:\Documents and Settings\Rémy\service.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.75.4.34:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.75.4.34:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.75.4.34:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.75.4.34:4343/officescan/console/html/AtxEnc.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.75.4.34:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05B79FCE-DD4B-4F84-82A2-67A49607AB97}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{530E30D6-3C5C-45BA-A64E-ACD8B2BED911}: NameServer = 195.238.2.21,195.238.2.22
O20 - AppInit_DLLs: aegvsd.dll
O20 - Winlogon Notify: awtuspnN - C:\WINDOWS\SYSTEM32\awtuspnN.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
I had asked for Malwarebytes first :)
Please run Malwarebytes and post the report,
then an RSIT report.
See you later
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 5.1.2600 Service Pack 3
20/01/2009 15:00:46
mbam-log-2009-01-20 (15-00-35).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 88721
Temps écoulé: 1 hour(s), 1 minute(s), 50 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 49
Processus mémoire infecté(s):
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBtRkhH.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aegvsd.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\awtuspnN.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuspnn (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d85c1825-a489-4d30-9b4d-2b7eccd0f644} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d85c1825-a489-4d30-9b4d-2b7eccd0f644} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f594b8d3-c21f-4b03-b3f7-cac8ff01e18c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f594b8d3-c21f-4b03-b3f7-cac8ff01e18c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d85c1825-a489-4d30-9b4d-2b7eccd0f644} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f594b8d3-c21f-4b03-b3f7-cac8ff01e18c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service (Backdoor.Bot) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebtrkhh -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebtrkhh -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\awtuspnN.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aegvsd.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geBtRkhH.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\HhkRtBeg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\HhkRtBeg.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aoqymmkc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ckmmyqoa.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aqgrjpkw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wkpjrgqa.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dgaehesw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wseheagd.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dincmxub.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\buxmcnid.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ffwrkygf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fgykrwff.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gdrgfcwv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vwcfgrdg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\isyqtkij.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jiktqysi.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mrcunwcl.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lcwnucrm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sgswyssw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wssywsgs.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tkaqqity.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ytiqqakt.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\uywhnawg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gwanhwyu.ini (Trojan.Vundo.H) -> No action taken.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{F3FC67F0-369F-4B09-830C-9E289BEC46F4}\RP519\A0188896.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{F3FC67F0-369F-4B09-830C-9E289BEC46F4}\RP523\A0193912.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F3FC67F0-369F-4B09-830C-9E289BEC46F4}\RP540\A0212557.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F3FC67F0-369F-4B09-830C-9E289BEC46F4}\RP540\A0212560.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F3FC67F0-369F-4B09-830C-9E289BEC46F4}\RP540\A0212562.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F3FC67F0-369F-4B09-830C-9E289BEC46F4}\RP540\A0212566.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\grqqqb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iwoysadq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jjljtwbx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mooauhis.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\phcajsua.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\raomay.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uxkefgmo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\baflte.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xwcbghoh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ylbwtj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rjysag.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\S4\FIW09GS.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\csrss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.