Damn trojan
naruto - nico-81 (Posts: 1633, Status: Member)
Hello,
I have a trojan on my computer and I need your help to get rid of it.
Kaspersky online scanner report:
C:\Documents and Settings\P4TR6\Local Settings\Temp\clb3E8.tmp Infected: Rootkit.Win32.Clbd.cv 1
C:\Documents and Settings\P4TR6\Local Settings\Temp\lowpower.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.x 2
C:\Documents and Settings\P4TR6\Local Settings\Temp\lowpower.exe Infected: not-a-virus:FraudTool.Win32.Agent.j 1
C:\Documents and Settings\P4TR6\Local Settings\Temp\lowpower.exe Infected: not-a-virus:FraudTool.Win32.Agent.i 1
C:\Documents and Settings\P4TR6\Local Settings\Temp\lowpower.exe Infected: Trojan.Win32.Agent.sby 1
C:\Documents and Settings\P4TR6\Local Settings\Temp\lowpower.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.e 1
C:\Documents and Settings\P4TR6\Local Settings\Temp\lowpower.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.v 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\0M17EEVN\file[1].exe Infected: Rootkit.Win32.Clbd.cv 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\3AZBPJPK\favicon[1].ico Infected: Trojan.Win32.Monderb.gen 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\F89YHJMI\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.hjo 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\F89YHJMI\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.hij 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\F89YHJMI\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.hjp 3
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\F89YHJMI\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.hik 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\PTBZD5F8\4683[1].exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.x 2
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\PTBZD5F8\4683[1].exe Infected: not-a-virus:FraudTool.Win32.Agent.j 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\PTBZD5F8\4683[1].exe Infected: not-a-virus:FraudTool.Win32.Agent.i 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\PTBZD5F8\4683[1].exe Infected: Trojan.Win32.Agent.sby 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\PTBZD5F8\4683[1].exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.e 1
C:\Documents and Settings\P4TR6\Local Settings\Temporary Internet Files\Content.IE5\PTBZD5F8\4683[1].exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.v 1
C:\WINDOWS\system32\clbdll(2).dll Infected: Rootkit.Win32.Clbd.cu 1
C:\WINDOWS\system32\iifcBuSK.dll Infected: Trojan.Win32.Monderb.gen 1
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 21:02:40, on 2008-06-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Souris-Clavier\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\P4TR6\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Souris-Clavier\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Souris-Clavier\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
I await your orders.
And thanks in advance :)
19 replies
Run a scan in safe mode with this, but update it first:
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
Post the report.
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 910
Windows 5.1.2600 Service Pack 3
21:22:21 2008-06-30
mbam-log-6-30-2008 (21-22-17).txt
Type de recherche: Examen rapide
Eléments examinés: 56372
Temps écoulé: 10 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\iifcBuSK.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 910
Windows 5.1.2600 Service Pack 3
22:08:16 2008-06-30
mbam-log-6-30-2008 (22-08-09) 5
Type de recherche: Examen complet (C:\|)
Eléments examinés: 82620
Temps écoulé: 26 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018420.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018421.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018424.cpl (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018425.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018426.cpl (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018428.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018429.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018430.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018431.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018434.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018435.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018436.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018437.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018438.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018439.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP111\A0020019.dll (Trojan.Vundo) -> No action taken.
I'm going to get a little sleep too!
Still not in bed, actually xD
So, well, run the scan again and at the end delete the threats found ^^
OK... but I'm not going to wait another 25 minutes to post the report, so I'll run the scan and send the report tomorrow when I wake up.
Here is the report after deleting the infected files. In safe mode, of course.
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 910
Windows 5.1.2600 Service Pack 3
10:52:46 2008-07-01
mbam-log-7-1-2008 (10-52-46).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 82610
Temps écoulé: 27 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018420.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018421.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018424.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018425.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018426.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018428.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018429.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018430.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018431.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018434.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018435.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018436.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018438.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP102\A0018439.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC538B5-7C09-472B-AA3A-8CCB2217B856}\RP111\A0020019.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
OK, I ran a new scan with HijackThis and here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:15, on 2008-07-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Souris-Clavier\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\P4TR6\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Souris-Clavier\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Souris-Clavier\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe