Crypto API key virus

Thalie91
Hello,
I have a problem with a virus that arrived in a UPS e-mail and that generates a window asking me for the crypto key.
From what I gathered on the forum, this virus is widespread.
I tried several antivirus programs, including AVG 7.5 and avast, which detected nothing. The messages persist every time I open a file.

I scanned the disk with HijackThis and am attaching the log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:15, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

5 replies

Anonymous user

Hi,

Download RSIT:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the C:\rsit folder
0
Thalie91
 
Hello,
First of all, thank you for your help.
Below are the Log.txt and Info.txt files

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-11 11:23:49
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 23 GB (66%) free of 35 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:00, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\AdskCleanup.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IMJR9GQT\RSIT[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Anonymous user

Download SDFix to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double-click SDFix.exe and choose "Install".

(tutorial here: https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Then, once the installation is done, restart in Safe Mode.

How to get into Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with boot options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)

Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
--->Type Y to launch the script ...
The Fix removes the virus's services and cleans the registry, so a restart is necessary; therefore:
press a key to restart when you are asked to.

The PC will take a while to start (this is normal); after the Desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the C:\SDFix folder under the name "Report.txt".
Post it in your next reply.
0
Thalie91
 
Good evening,

I followed your procedure and am attaching the report:

[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 11/11/2008 at 21:46

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted
C:\WINDOWS\autorun.inf - Deleted
C:\WINDOWS\system32\twain_32\local.ds - Deleted
C:\WINDOWS\system32\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twext.exe - Deleted

Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
Folder C:\WINDOWS\system32\twain_32 - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 22:16:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 30 Aug 2002 49,680 A..H. --- "C:\WINDOWS\twunk_16.exe"
Fri 30 Aug 2002 25,600 A..H. --- "C:\WINDOWS\twunk_32.exe"
Mon 23 Jun 1997 123,664 A.SH. --- "C:\WINDOWS\system32\Msjint35.dll"
Wed 5 Sep 2001 225,280 A..H. --- "C:\Program Files\Fichiers communs\InstallShield\IScript\iscript.dll"
Wed 5 Sep 2001 77,824 A..H. --- "C:\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\ctor.dll"
Wed 5 Sep 2001 176,128 A..H. --- "C:\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\iuser.dll"
Wed 5 Sep 2001 32,768 A..H. --- "C:\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\objectps.dll"

[b]Finished![/b]

I have the impression that it detected and removed the virus.
If that is the case, thank you very much for your help; you have saved me a lot of trouble.

With my thanks,
Thalie91
0
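The HijackThis logs earlier in this thread show an F2 `UserInit` line that lists `twext.exe` after `userinit.exe`, and the SDFix report above lists `twext.exe` among the trojan files it deleted. The following Python check is an added example, not part of the thread or of either tool: it flags extra programs in F2 `UserInit` lines and cross-checks them against SDFix "- Deleted" lines. The function names are illustrative, the sample lines are copied from the logs in this thread, and the expected value assumes the Windows XP system directory `C:\WINDOWS\system32`.

```python
import re

# HijackThis F2 line for the Winlogon Userinit value, as seen in this thread.
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$",
                         re.IGNORECASE)
# SDFix "Trojan Files Found" line: "<full path> - Deleted".
SDFIX_DELETED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - Deleted$")


def extra_userinit_programs(hjt_log, system_dir=r"C:\WINDOWS\system32"):
    """Return every program in an F2 UserInit line other than userinit.exe
    in system_dir (assumed default: the XP system directory)."""
    expected = (system_dir + "\\userinit.exe").lower()
    findings = []
    for line in hjt_log.splitlines():
        match = F2_USERINIT.match(line.strip())
        if not match:
            continue
        # The value is a comma-separated list, usually with a trailing comma.
        for prog in match.group("value").split(","):
            prog = prog.strip().strip('"')
            if prog and prog.lower() != expected:
                findings.append(prog)
    return findings


def deleted_files(sdfix_report):
    """Return the lower-cased paths SDFix reports as deleted."""
    paths = set()
    for line in sdfix_report.splitlines():
        match = SDFIX_DELETED.match(line.strip())
        if match:
            paths.add(match.group("path").lower())
    return paths


def triage(hjt_log, sdfix_report):
    """Map each extra Userinit program to True if SDFix reports the file
    deleted, False if it does not appear in the report."""
    removed = deleted_files(sdfix_report)
    return {prog: prog.lower() in removed
            for prog in extra_userinit_programs(hjt_log)}


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_HJT = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

SAMPLE_SDFIX = r"""Trojan Files Found:

C:\WINDOWS\autorun.inf - Deleted
C:\WINDOWS\system32\twext.exe - Deleted

Folder C:\WINDOWS\system32\twain_32 - Removed
"""

if __name__ == "__main__":
    for program, was_deleted in triage(SAMPLE_HJT, SAMPLE_SDFIX).items():
        status = "deleted by SDFix" if was_deleted else "NOT in SDFix report"
        print(f"extra Userinit program: {program} ({status})")
```

A `True` result only says the file was reported deleted; a fresh HijackThis scan is what shows whether the `UserInit` value itself still lists the extra program.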
Anonymous user

Download Malwarebytes.

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click the Settings tab and tick the box "Arreter internet explorer pendant la suppression" (close Internet Explorer during removal).

Now click the Scan tab and tick the box "executer un examen complet" (perform a full scan).

Then click "rechercher" (Scan).

Let it scan the PC...

If any items were found > click "supprimer la selection" (remove selected).

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

Copy and paste the report, please.

PS: the reports are also stored in the Reports/Logs tab

0

Thalie91
 
Good evening,

I cleaned up with Malware and deleted the infected files.
The log report is attached.
Are we nearly done?

Thanks
Thalie91

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1390
Windows 5.1.2600 Service Pack 2

12/11/2008 22:47:41
mbam-log-2008-11-12 (22-47-41).txt

Type de recherche: Examen complet (C:\|G:\|)
Eléments examinés: 133560
Temps écoulé: 33 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 64

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\common (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\common\drivers\com_os\hpoism01.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpop1610.rgn (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpop6210.rgn (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpopeb10.rgn (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpqip09.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpqish09.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzcfg10.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzcon10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzeng10.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzflt10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzimc10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzime10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzims10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzjui10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzpcl10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzpre10.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzres10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzslk10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzstc10.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzstw10.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpztbi10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpztbu10.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpztbx10.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\com_os\hpzvip10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj62-74phgftb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj62-74phgftp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj62-74ppptb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj62-74ppptp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj62-74pptb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj62-74pptp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj72-74phgftg.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj72-74ppptg.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpoj72-74pptg.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppc16-23phgftb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppc16-23phgftp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppc16-23ppptb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppc16-23ppptp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppc16-23pptb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppc16-23pptp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27phgftb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27phgftg.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27phgftp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27ppptb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27ppptg.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27ppptp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27pptb.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27pptg.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hppm26-27pptp.icc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpz2ku10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpzcoi10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpzlnt10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpzpm310.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win2k_xp\hpzsnt10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\HPZ9XD10.dr_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzfac10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzglu10.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzl9x10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzpm110.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzs9x10.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzscr10.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzsta9x.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\hpzstsin.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\usbmon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\common\drivers\win9x_me\usbprint.sys (Trojan.Agent) -> Quarantined and deleted successfully.
0