Trojan horse BackDoor.Generic9.SYC

Resolved/Closed
keaska, 76 posts, registered Wednesday 13 February 2008, status: Member, last active 1 May 2013 - 13 Feb. 2008 at 15:10
keaska, 76 posts, registered Wednesday 13 February 2008, status: Member, last active 1 May 2013 - 15 Feb. 2008 at 09:30
Hello,
A loyal reader of Comment Ça Marche, I'm signing up today because of a problem with persistent trojans.
Here is my problem: last night AVG Free Edition detected 46 trojans in the Temp folder. I ran CCleaner, then Internet Options / delete temporary files, ran another scan with AVG, and apparently all was quiet.
This morning, 48 trojans detected by AVG Free Edition. I ran CCleaner again, deleted the temporary files again from Internet Options, followed the path shown in AVG and deleted all the files concerned, except one that I can't. I don't know what else to do, because apparently they keep coming back.
Here are the files placed in quarantine:

"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\13exhmrgas1.exe","13/02/2008 11:42:23","13exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\14exhmrgas2.exe","13/02/2008 11:42:26","14exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\16exhmrgas1.exe","13/02/2008 11:42:29","16exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\1exhmrgas1.exe","13/02/2008 11:42:32","1exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\20exhmrgas1.exe","13/02/2008 11:42:35","20exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\21exhmrgas1.exe","13/02/2008 11:42:37","21exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\22exhmrgas2.exe","13/02/2008 11:42:40","22exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\23exhmrgas1.exe","13/02/2008 11:42:42","23exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\23exhmrgas2.exe","13/02/2008 11:42:45","23exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\24exhmrgas2.exe","13/02/2008 11:42:47","24exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\26exhmrgas1.exe","13/02/2008 11:42:49","26exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\31exhmrgas2.exe","13/02/2008 11:42:52","31exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\33exhmrgas2.exe","13/02/2008 11:42:54","33exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\34exhmrgas1.exe","13/02/2008 11:42:56","34exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\35exhmrgas1.exe","13/02/2008 11:42:58","35exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\3exhmrgas1.exe","13/02/2008 11:43:00","3exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\40exhmrgas1.exe","13/02/2008 11:43:03","40exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\43exhmrgas1.exe","13/02/2008 11:43:05","43exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\55exhmrgas1.exe","13/02/2008 11:43:07","55exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\58exhmrgas2.exe","13/02/2008 11:43:10","58exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\59exhmrgas2.exe","13/02/2008 11:43:12","59exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\61exhmrgas1.exe","13/02/2008 11:43:14","61exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\63exhmrgas2.exe","13/02/2008 11:43:16","63exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\65exhmrgas2.exe","13/02/2008 11:43:18","65exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\66exhmrgas1.exe","13/02/2008 11:43:21","66exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\71exhmrgas1.exe","13/02/2008 11:43:23","71exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\71exhmrgas2.exe","13/02/2008 11:43:25","71exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\72exhmrgas1.exe","13/02/2008 11:43:27","72exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\72exhmrgas2.exe","13/02/2008 11:43:29","72exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\73exhmrgas1.exe","13/02/2008 11:43:31","73exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\78exhmrgas1.exe","13/02/2008 11:43:33","78exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\78exhmrgas2.exe","13/02/2008 11:43:34","78exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\7exhmrgas2.exe","13/02/2008 11:43:36","7exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\81exhmrgas1.exe","13/02/2008 11:43:38","81exhmrgas1.exe","215 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\83exhmrgas1.exe","13/02/2008 11:43:40","83exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\83exhmrgas2.exe","13/02/2008 11:43:42","83exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\84exhmrgas2.exe","13/02/2008 11:43:45","84exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\88exhmrgas1.exe","13/02/2008 11:43:47","88exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\8exhmrgas2.exe","13/02/2008 11:43:49","8exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\92exhmrgas2.exe","13/02/2008 11:43:51","92exhmrgas2.exe","215.5 KB"
"","","Trojan horse BackDoor.Generic9.SYC","C:\Documents and Settings\sophie\Local Settings\Temp\93exhmrgas1.exe","13/02/2008 11:43:53","93exhmrgas1.exe","215 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\94exhmrgas2.exe","13/02/2008 11:43:56","94exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\99exhmrgas2.exe","13/02/2008 11:43:58","99exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\DOCUME~1\sophie\LOCALS~1\Temp\34exhmrgas2.exe","13/02/2008 11:54:59","34exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\DOCUME~1\sophie\LOCALS~1\Temp\58exhmrgas2.exe","13/02/2008 12:39:59","58exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\DOCUME~1\sophie\LOCALS~1\Temp\27exhmrgas2.exe","13/02/2008 12:40:02","27exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\Documents and Settings\sophie\Local Settings\Temp\90exhmrgas2.exe","13/02/2008 13:41:55","90exhmrgas2.exe","215.5 KB"
"","","Trojan horse Generic9.BAUS","C:\DOCUME~1\sophie\LOCALS~1\Temp\63exhmrgas2.exe","13/02/2008 14:10:03","63exhmrgas2.exe","215.5 KB"


Thank you for your help.
10 replies

Anonymous user
13 Feb. 2008 at 15:59
Hi,
1./
Download CCleaner (don't install the Yahoo toolbar):
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

Run it; in Cleaner click Run Cleaner, then in Registry click Scan for Issues and fix the errors as many times as there are any.

2/
We remove the bulk first:

Do an online scan (tick all the boxes every time):
https://www.eset.com/

3/
Then, once that's finished, do a HijackThis report:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Download it, run it and click the first button at the top, "Do a system scan and save a logfile",
then paste the text file here ;).
0
Thanks Dorgane for your quick reply.

I already had CCleaner; I ran a clean again and fixed the errors.

I did the online scan, which found 6 infected files (I tried to copy the report but that changed the page; I hope it doesn't invalidate the report)

and I downloaded HijackThis; here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:28, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\$NtUninstallKB896428$\IEXPLORE.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\DOCUME~1\sophie\LOCALS~1\Temp\32exgmrgml18.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80CB5ED4-567F-4B95-97B9-B7C3484C4782} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C9E2798F-AD8B-41B4-9379-EB8D14E33604} - C:\WINDOWS\system32\remotfpg.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E9715B-2D44-4955-BF64-EC88EE001B3D}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Anonymous user
13 Feb. 2008 at 17:26
No, if you had ticked all the boxes it would have removed them.

Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80CB5ED4-567F-4B95-97B9-B7C3484C4782} - (no file)
O2 - BHO: (no name) - {C9E2798F-AD8B-41B4-9379-EB8D14E33604} - C:\WINDOWS\system32\remotfpg.dll (file missing)
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)


---------------------

Download
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
to your Desktop and run it.

Make sure the "Unregister Dll's and Ocx's" box is ticked.

Copy and paste the lines below into the blue box in OTMoveIt labelled Paste Standard List of Files/Folders to move.

C:\WINDOWS\system\smvss.exe

Click MoveIt! to start the removal.
If OTMoveIt offers to restart your PC, accept!
When a result appears in the Results box, click Exit.

In your next reply, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.
0
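The entries the helper singled out above (BHOs whose file is absent, the [devenv] autostart living in C:\WINDOWS\system, plus the process running from the user's Temp folder in the first log) can be picked out mechanically from a HijackThis log. The Python triage below is an added example and is not code from the thread or from HijackThis; the suspect-folder list and the look-alike-name rule (smvss.exe is one edit away from the real smss.exe) are my own heuristics, and the sample lines are constructed from the log posted above.

```python
import re

# Core Windows process names; a file name one edit away from one of these
# (but not equal to it) is a classic masquerading trick, e.g. smvss.exe.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# Folders that legitimate autostart entries and long-running processes
# almost never use: the user's Temp folder and the legacy \WINDOWS\system\.
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\windows\\system\\")

# Constructed sample in the HijackThis 2.0.2 layout, taken from the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\DOCUME~1\sophie\LOCALS~1\Temp\32exgmrgml18.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C9E2798F-AD8B-41B4-9379-EB8D14E33604} - C:\WINDOWS\system32\remotfpg.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
"""

def edit_distance(a, b):
    """Levenshtein distance, used for the look-alike name check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def path_findings(path):
    """Return the reasons a file path looks suspicious (empty list = none)."""
    p = path.lower()
    reasons = []
    if any(d in p for d in SUSPECT_DIRS):
        reasons.append("runs from a temp or legacy system folder")
    name = p.rsplit("\\", 1)[-1]
    for core in CORE_NAMES:
        if name != core and edit_distance(name, core) == 1:
            reasons.append(f"name mimics system process {core}")
    return reasons

_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
_PATH = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|com))"?', re.I)

def triage(log_text):
    """Walk a HijackThis log; return (line, reason) pairs worth a closer look."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if re.match(r"^[A-Za-z]:\\", line):
                for why in path_findings(line):
                    findings.append((line, why))
                continue
            in_procs = False  # first non-path line ends the process list
        # O2/O3/O9 entries whose target no longer exists are orphaned registry
        # leftovers: exactly the lines the helper told the poster to fix.
        if line.startswith(("O2 - ", "O3 - ", "O9 - ")) and \
           ("(no file)" in line or "(file missing)" in line):
            findings.append((line, "orphaned entry, target file absent"))
            continue
        m = _O4.match(line)
        if m:  # autostart: inspect the executable the command launches
            pm = _PATH.search(m.group("cmd"))
            target = pm.group(1) if pm else m.group("cmd").split()[0]
            for why in path_findings(target):
                findings.append((line, why))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

Running it on the constructed sample flags the Temp process, the three orphaned entries and the [devenv] line twice (folder and name), and nothing for the AVG or NVIDIA entries.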
C:\WINDOWS\system\smvss.exe moved successfully.

OTMoveIt2 v1.0.19 log created on 02132008_173240

Here is what I copied from C:\_OTMoveIt\MovedFiles

AVG has detected 2 more viruses. In C:\Local Settings\Temp I noticed new files shown as 3 small coloured squares with the letters M F C; in other words, the same ones I had deleted the first time, apart from one I couldn't. That makes 4 just here.
0

keaska, 76 posts, registered Wednesday 13 February 2008, status: Member, last active 1 May 2013
13 Feb. 2008 at 18:00
Sorry, I've just realised I had posted anonymously. The OTMoveIt report is above.
0
keaska, 76 posts, registered Wednesday 13 February 2008, status: Member, last active 1 May 2013
13 Feb. 2008 at 19:24
What should I do next, PLEASE???? AVG is still reporting them; they come back or multiply in C:\Documents and Settings\Local Settings\Temp!!! I delete them but there is always one left that I can't delete.
0
I've just done a System Restore to 6 February, thinking the viruses would be gone.... my mistake!
So I redid the recommendations above:
I cleaned with CCleaner and fixed the errors,
then I did another online scan with ESET NOD32, which found 3 and deleted them,
and then I ran HijackThis; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:49, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\$NtUninstallKB893756$\IEXPLORE.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80CB5ED4-567F-4B95-97B9-B7C3484C4782} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C9E2798F-AD8B-41B4-9379-EB8D14E33604} - C:\WINDOWS\system32\remotfpg.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E9715B-2D44-4955-BF64-EC88EE001B3D}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Anonymous user
14 Feb. 2008 at 10:50
Do you have the name of the virus, please? It would help me.


1 / Disable System Restore ( https://www.informatruc.com )

2 / Fix again:
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

and move it again

3 / Go to:

C:\document and setting\local setting\temp (not quite sure of the spelling)


Create a new text file and copy in:

del *.* /q


Save it and then rename it
Nouveau document texte.txt => del.bat

(If you don't see the .txt extension, do this: Tools -> Options -> View and untick Hide extensions for known file types.)
Then run del.bat


4 / Do another online scan (tick all the boxes) and paste the report
0
keaska, 76 posts, registered Wednesday 13 February 2008, status: Member, last active 1 May 2013
14 Feb. 2008 at 11:26
Hello Dorgane!

Having had no news, I reposted and someone is telling me how to proceed. Thanks for your help.
0
keaska, 76 posts, registered Wednesday 13 February 2008, status: Member, last active 1 May 2013
15 Feb. 2008 at 09:30
Problem solved in the thread "y a t'il un pro pour éradiquer 54 trojans?"
0