Tom's Guide > Forum > Sécurité - Virus > Win32: Ordinateur infecté

Win32: Ordinateur infecté

Forum Sécurité - Virus : Win32: Ordinateur infecté

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
DonMoo   08-10-2008 à 13:59:00

Bonjour,
Voila, depuis hier, je reçois pleins d'alertes comme quoi mon PC est infecté par des spyware, adware et divers Trojan, de divers machin d'antivirus apparenté a windows me demandant de payer pour les enregistrer.
Evidemment, mon windows étant en français et ces messages en anglais, je n'ai pas payé, soupçonnant qu'ils fassent parti du virus dans le but d'avoir mon code de carte bleue.

J'ai lancé un Scan avec Avast! qui m'a dit que j'étais infecté par Win32:PureMorph [Cryp].

A noter que je n'ai plus acces a Internet Explorer (vive mozilla) ni au gestionnaire de tache (CTRL + ALT + SUPP), il me dit "Le gestionnaire te tache a été désactivé par votre administrateur".

Voila le rapport HijackThis:

Citation :

Logfile of HijackThis v1.99.1
Scan saved at 13:57:38, on 08/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\vczwryji\bshyliva.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\zwdqnspo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\wzf827\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: HP2B8254 HP0018FE2B8254
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XP Antispyware 2009] "C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe




A noter que je suis vraiment tres tres mauvais avec tout ce qui touche de pres ou de loin a la technologie (je ne sais même pas ce que je viens de faire a l'instant :))

Je vous remercie d'avance de votre aide,
DonMoo.

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Angeldark   08-10-2008 à 14:36:55
- 0 +

Bonjour,

Tu as l'emplacement de l'infection ?

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
DonMoo   08-10-2008 à 20:31:39
- 0 +

Il semblerait que ça ait marché, milles mercis.
Voila quand même le rapport de Malware, des fois que le virus soit caché dans les entrailles de mon PC:

Citation :

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1244
Windows 5.1.2600 Service Pack 2

08/10/2008 20:20:52
mbam-log-2008-10-08 (20-20-48).txt

Type de recherche: Examen rapide
Eléments examinés: 62466
Temps écoulé: 11 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 35
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 83

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp_antispyware (Rogue.XPAntiSpyware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.XPAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT (Rogue.XPAntiSpyware) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\XP_AntiSpyware\comp.dat (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\htmlayout.dll (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\wscui.cpl (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPAntiSpyware) -> No action taken.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPAntiSpyware) -> No action taken.
C:\WINDOWS\hosts (Trojan.Agent) -> No action taken.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Bureau\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> No action taken.
C:\Documents and Settings\HP_Administrateur\delself.bat (Malware.Trace) -> No action taken.


La prochaine fois, je lancerai Malware avant de vous demander :)

Merci encore,
Don Moo.

Répondre à DonMoo
Angeldark   08-10-2008 à 20:51:46
- 0 +

Tu as bien supprimé les infections détectées par MBAM ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
DonMoo   08-10-2008 à 23:52:23
- 0 +

J'ai cliqué sur le bouton supprimer ouai. J'ai même du redémarrer pour finir de supprimer les fichiers.

Répondre à DonMoo
Angeldark   09-10-2008 à 17:02:49
- 0 +

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
DonMoo   09-10-2008 à 17:24:33
- 0 +

Tenez:

Citation :

Logfile of HijackThis v1.99.1
Scan saved at 17:24:13, on 09/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\wzcb2d\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: HP2B8254 HP0018FE2B8254
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe


Répondre à DonMoo
Angeldark   09-10-2008 à 17:58:00
- 0 +

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
DonMoo   20-10-2008 à 19:04:07
- 0 +

Désolé je n'étais pas chez moi.
j'ai fait ce que tu as demandé, et effectivement, il restait une 40aines d'infections.
Voila le rapport:

Citation :

 

Avira AntiVir Personal
Report file date: lundi 20 octobre 2008 08:20

 

Scanning for 1694128 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DONCORLEONE

 

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 06:19:13
ANTIVIR3.VDF : 7.0.7.60 2048 Bytes 19/10/2008 06:19:13
Engineversion : 8.2.0.5
AEVDF.DLL : 8.1.0.6 102772 Bytes 20/10/2008 06:19:37
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 20/10/2008 06:19:36
AESCN.DLL : 8.1.1.3 123252 Bytes 20/10/2008 06:19:34
AERDL.DLL : 8.1.1.2 438644 Bytes 20/10/2008 06:19:33
AEPACK.DLL : 8.1.2.4 369014 Bytes 20/10/2008 06:19:31
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 20/10/2008 06:19:28
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 20/10/2008 06:19:27
AEHELP.DLL : 8.1.1.2 115062 Bytes 20/10/2008 06:19:21
AEGEN.DLL : 8.1.0.41 319861 Bytes 20/10/2008 06:19:20
AEEMU.DLL : 8.1.0.9 393588 Bytes 20/10/2008 06:19:17
AECORE.DLL : 8.1.2.6 172406 Bytes 20/10/2008 06:19:15
AEBB.DLL : 8.1.0.3 53618 Bytes 20/10/2008 06:19:14
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 20/10/2008 06:19:14
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

 

Start of the scan: lundi 20 octobre 2008 08:20

 

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'HPZinw12.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'hpqnrs08.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'CEC_MAIN.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'traybar.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'arpwrmsg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned

 

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

 

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

 

Starting to scan the registry.
The registry was scanned ( '79' files ).

 


Starting the file scan:

 

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03694415.dat
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03694415.dat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03E92989.dat
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03E92989.dat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B611DE7.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B611DE7.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4932245c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D6B64AC.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D6B64AC.exe
[DETECTION] Is the TR/Dldr.Amisa.1 Trojan
[NOTE] The file was moved to '49322463.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F6B2880.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F6B2880.exe
[DETECTION] Is the TR/Spy.Banbra.df.199 Trojan
[NOTE] The file was moved to '49322466.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7189622B.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7189622B.dll
[DETECTION] Is the TR/Dldr.Small.ctp Trojan
[NOTE] The file was moved to '49342451.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{038AC8B9-C67B-431B-ACF6-19690A2A1D86}\00000009.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{038AC8B9-C67B-431B-ACF6-19690A2A1D86}\00000009.URM
[DETECTION] Is the TR/Dldr.VB.ach.1 Trojan
[NOTE] The file was moved to '492c2450.qua'!
C:\Documents and Settings\All Users\Documents\transfert\Alcohol_120_v1[1].9.5.3823_Retail\Activator\alcohol_activator.exe
[DETECTION] Is the TR/Hupigon.SNO Trojan
[NOTE] The file was moved to '495f24d4.qua'!
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\Binaries1.cab2
[0] Archive type: CAB (Microsoft)
--> XP_AntiSpyware.exe
[DETECTION] Is the TR/FakeAV.baj.2 Trojan
[DETECTION] Is the TR/FakeAV.baj.2 Trojan
[NOTE] The file was moved to '496a25d7.qua'!
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\Binaries2.cab3
[0] Archive type: CAB (Microsoft)
--> AVEngn.dll
[DETECTION] Contains recognition pattern of the PHISH/Fraud.XPSecurityCenter.AS phishing file/email
--> wscui.cpl
[DETECTION] Is the TR/FakeAV.bak.2 Trojan
[NOTE] The file was moved to '48e1ae80.qua'!
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\AFI3IDYR\Binaries2[1].cab
[0] Archive type: CAB (Microsoft)
--> AVEngn.dll
[DETECTION] Contains recognition pattern of the PHISH/Fraud.XPSecurityCenter.AS phishing file/email
--> wscui.cpl
[DETECTION] Is the TR/FakeAV.bak.2 Trojan
[NOTE] The file was moved to '496a261b.qua'!
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TP3BGTTL\Binaries1[1].cab
[0] Archive type: CAB (Microsoft)

 

--> XP_AntiSpyware.exe
[DETECTION] Is the TR/FakeAV.baj.2 Trojan
[DETECTION] Is the TR/FakeAV.baj.2 Trojan
[NOTE] The file was moved to '496a269e.qua'!
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\WDSLUV0P\pipo[1]
[DETECTION] Is the TR/Obfuscated.GX.2340 Trojan
[NOTE] The file was moved to '496c26da.qua'!
C:\Documents and Settings\HP_Administrateur\Mes documents\LimeWire\Incomplete\Preview-T-5745425-my name is earl 3x18.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49612753.qua'!
C:\Program Files\iPod Access for Windows\iPod Access.exe
[DETECTION] Is the TR/Drop.Agent.vwc Trojan
[NOTE] The file was moved to '496b2fcf.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0194911.exe
[DETECTION] Is the TR/Dldr.FraudL.vahh Trojan
[NOTE] TR/Dldr.FraudL.vahh:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]:<Default_Search_URL>=sz:google.com/ie>=SZ:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[NOTE] TR/Dldr.FraudL.vahh:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]:<Search Page>=sz:google.com>=SZ:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[NOTE] The file was moved to '492d399f.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0194947.exe
[DETECTION] Is the TR/Obfuscated.GX.2340 Trojan
[NOTE] The file was moved to '492d39a0.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0194953.dll
[DETECTION] Is the TR/Obfuscated.GX.2391 Trojan
[NOTE] The file was moved to '48a7ba19.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0194954.dll
[DETECTION] Contains recognition pattern of the PHISH/Fraud.XPSecurityCenter.AS phishing file/email
[NOTE] The file was moved to '492d39a2.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0194955.exe
[DETECTION] Is the TR/Dldr.FraudL.vahh Trojan
[NOTE] The file was moved to '48a7ba1b.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0194956.exe
[DETECTION] Is the TR/Obfuscated.GX.2344 Trojan
[NOTE] The file was moved to '492d39a4.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0195967.cpl
[DETECTION] Is the TR/FakeAV.bak.2 Trojan
[NOTE] The file was moved to '492d39a1.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0195969.exe
[DETECTION] Is the TR/FakeAV.baj.2 Trojan
[NOTE] The file was moved to '48a7ba1a.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0196022.exe
[DETECTION] Is the TR/Dldr.FraudL.vahh Trojan
[NOTE] The file was moved to '48a7ba1d.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP867\A0196023.cpl
[DETECTION] Is the TR/FakeAV.bak.2 Trojan
[NOTE] The file was moved to '492d39a6.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206322.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206322.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '492e3b93.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206323.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206323.exe
[DETECTION] Is the TR/Dldr.Amisa.1 Trojan
[NOTE] The file was moved to '48a4b82c.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206324.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206324.exe
[DETECTION] Is the TR/Spy.Banbra.df.199 Trojan
[NOTE] The file was moved to '492e3b95.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206325.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206325.dll
[DETECTION] Is the TR/Dldr.Small.ctp Trojan
[NOTE] The file was moved to '48a4b82e.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP877\A0206326.exe
[DETECTION] Is the TR/Drop.Agent.vwc Trojan
[NOTE] The file was moved to '492e3b94.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd7917.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>

 


End of the scan: lundi 20 octobre 2008 10:32
Used time: 2:12:29 Hour(s)

 

The scan has been done completely.

 

11488 Scanning directories
641184 Files were scanned
34 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
28 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
641145 Files not concerned
18120 Archives were scanned
9 Warnings
30 Notes

 


 

Merci d'avance.

 

Edit: Etrangement, mon dossier de quarantaine est vide. Bug, Virus ou banalité?


Message édité par DonMoo le 20-10-2008 à 19:06:08
Répondre à DonMoo
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > Win32: Ordinateur infecté
Aller à :

Il y a 2250 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,440 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens