Comment supprimer T>rojan Start Page???
loup0789
-
crofft59 Messages postés 70 Statut Membre -
crofft59 Messages postés 70 Statut Membre -
Bonjour à tous
Norton vient de me signaler qu'un de mes fichiers est infecté par Trojan.StartPage
Le fichier se nomme eplrr9.dll et il se trouve dans le répertoire system32 du répertoire Windows
Norton me signale qu'il est impossible de supprimer le trojan et me propose de le mettre en quarantaine, ce que j'hésite à faire, ne voulant à aucun prix garder cette saloperie sur mon PC
J'ai fait un scan à l'aide d'hijackthis.
Voilà le résultat du SaveLog:
Logfile of HijackThis v1.98.2
Scan saved at 18:33:03, on 02/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\ARS Company\Agent\Agent.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rencontres Cinéma\Local Settings\Temp\Répertoire temporaire 1 pour hjt.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <http://www.naupoint.com/toolbar/ie.html>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <http://hp.naupoint.com>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = <http://home.fr.netscape.com/fr/home/winsearch200.html>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <http://keyword.fr.netscape.com/keyword/%s>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: No description - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll
O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AMP Agent] C:\Program Files\Fichiers communs\ARS Company\Agent\Agent.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - <http://www.wanadoo.fr> (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - <http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab>
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - <http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab>
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - <http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab>
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} (No description) - <http://naupoint.com/toolbar/installer/iEBINST2.cab>
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - <http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab>
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E5DF351-EA9C-4B06-8CDE-F1E3FBC42EA7}: NameServer = 205.188.146.146
O21 - SSODL: eplrr9 - {4688003D-7B45-43C8-953C-CEDC45D72085} - C:\WINDOWS\System32\eplrr9.dll
Comment supprimer et se débarrasser de ce trojan?
Pouvez-vous m'aider svp???
Merci de vos réponses
Norton vient de me signaler qu'un de mes fichiers est infecté par Trojan.StartPage
Le fichier se nomme eplrr9.dll et il se trouve dans le répertoire system32 du répertoire Windows
Norton me signale qu'il est impossible de supprimer le trojan et me propose de le mettre en quarantaine, ce que j'hésite à faire, ne voulant à aucun prix garder cette saloperie sur mon PC
J'ai fait un scan à l'aide d'hijackthis.
Voilà le résultat du SaveLog:
Logfile of HijackThis v1.98.2
Scan saved at 18:33:03, on 02/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\ARS Company\Agent\Agent.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rencontres Cinéma\Local Settings\Temp\Répertoire temporaire 1 pour hjt.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <http://www.naupoint.com/toolbar/ie.html>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <http://hp.naupoint.com>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = <http://home.fr.netscape.com/fr/home/winsearch200.html>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <http://hp.naupoint.com>
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <http://keyword.fr.netscape.com/keyword/%s>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = <http://hp.naupoint.com>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = <http://hp.naupoint.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: No description - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll
O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AMP Agent] C:\Program Files\Fichiers communs\ARS Company\Agent\Agent.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - <http://www.wanadoo.fr> (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - <http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab>
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - <http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab>
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - <http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab>
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} (No description) - <http://naupoint.com/toolbar/installer/iEBINST2.cab>
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - <http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab>
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E5DF351-EA9C-4B06-8CDE-F1E3FBC42EA7}: NameServer = 205.188.146.146
O21 - SSODL: eplrr9 - {4688003D-7B45-43C8-953C-CEDC45D72085} - C:\WINDOWS\System32\eplrr9.dll
Comment supprimer et se débarrasser de ce trojan?
Pouvez-vous m'aider svp???
Merci de vos réponses
A voir également:
- Comment supprimer T>rojan Start Page???
- Supprimer rond bleu whatsapp - Guide
- Comment supprimer une page sur word - Guide
- Comment supprimer une application préinstallée sur android - Guide
- Supprimer pub youtube - Accueil - Streaming
- Fichier impossible à supprimer - Guide
1 réponse
salut
surtout fais bien attention en supprimant ce troyan ds la base de registre, il es planque super bien.
tout ce qui touche au system32 pose un pb si tu veux eradiquer un virus.
je l'ai fait une fois... malheur a moi !!!! j'ai du reinstaller tout mon systeme, j'ai du effacer un fichier pilier.
voila.
sinon, scann ton disk.
++
surtout fais bien attention en supprimant ce troyan ds la base de registre, il es planque super bien.
tout ce qui touche au system32 pose un pb si tu veux eradiquer un virus.
je l'ai fait une fois... malheur a moi !!!! j'ai du reinstaller tout mon systeme, j'ai du effacer un fichier pilier.
voila.
sinon, scann ton disk.
++
