
Win32 trojan-gen {other}... what a disaster!!

Last reply on 6 Jan 2009 at 13:36:45. Posted by lutherjimmy on 27 Aug 2007 at 17:57:59

Hello,

My machine has been dragging itself through some disreputable places and has caught "win32 trojan-gen {other}". After a string of unsuccessful attempts, and being a novice in the matter, perhaps someone could find a solution to the situation?

A thousand thanks in advance to those people.

Lutherjimmy



---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:48:36 27/08/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138462.exe -> Not-A-Virus.NetTool.Win32.NukeNabber.21 : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.73:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.100:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.99:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@adtech[2].txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.70:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@as1.falkag[1].txt -> TrackingCookie.Falkag : Aucune action entreprise.
:mozilla.86:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.88:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.89:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@auto.search.msn[1].txt -> TrackingCookie.Msn : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.18:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Skype : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.58:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@m.webtrends[1].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Program Files\MépHisTo Script v1.0\protect\NukeNabber\Report.exe -> Trojan.Nuker.nukenabber.a : Aucune action entreprise.


Fin du rapport




BitDefender Online Scanner

Scan report generated at: Mon, Aug 27, 2007 - 17:33:41
Scan path: A:\;C:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
  Time: 01:37:56
  Files: 561726
  Folders: 9784
  Boot Sectors: 7
  Archives: 33474
  Packed Files: 28268

Results
  Identified Viruses: 7
  Infected Files: 59
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 54

Engines Info
  Virus Definitions: 750101
  Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
  Scan plugins: 14
  Archive plugins: 38
  Unpack plugins: 6
  E-mail plugins: 6
  System plugins: 1

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File : Status (successive statuses reported for the same entry are joined with ";")

C:\$CTJTMP\CTJ.EXE : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\$CTJTMP\VB40032.DLL : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Adobe\Streamline 4.0\plugin.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Adobe\Streamline 4.0\SLRes.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\ATI-CPanel\atiicdxx.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\ATI-CPanel\atiphexx.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\ATI-CPanel\atippaxx.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\ATI-CPanel\atiprbxx.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\AUT0EXEC.BAT : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\authplay.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\AIImport.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip : Infected with: Win32.Sober.Y@mm; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx : Update failed
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe : Infected with: Generic.Mitglied.F050E13C; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx : Update failed
C:\Documents and Settings\Frédéric\Mes documents\DEUST 205\UE112\mircfr.zip=>mircfr/mirc.exe : Infected with: Trojan.Mirchack.A; Disinfection failed; Deleted
C:\Documents and Settings\Frédéric\Mes documents\DEUST 205\UE112\mircfr.zip : Updated
C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe : Infected with: Trojan.Horse.BAU; Disinfection failed; Deleted
C:\Program Files\eMule\Temp\008.part : Update failed
C:\Program Files\Mindjet\MindManager 6\MindManager.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Program Files\Movie Maker\wmmres.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\Program Files\QuickTime\QuickTimePlayer.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138452.com : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138453.com : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138454.BAT : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138455.reg : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0138684.reg : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139579.exe : Infected with: Trojan.Nuker.Nukenabber.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139580.EXE : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139581.DLL : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139582.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139583.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139584.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139585.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139586.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139587.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139588.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139589.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139590.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139591.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139592.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139593.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139594.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139595.dll : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139596.exe : Infected with: Win32.Bacalid.A; Disinfection failed; Deleted
C:\WINDOWS\system32\dllcache\Regedit32.com : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\dllcache\Shell32.com : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\dllchache\4A7.tmp : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\dllchache\4A8.tmp : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\dllchache\4A9.tmp : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\dllchache\Blank.doc : Infected with: Trojan.FakeFolder.A; Disinfection failed; Delete failed
C:\WINDOWS\system32\dllchache\Empty.jpg : Infected with: Trojan.FakeFolder.A; Disinfection failed; Delete failed
C:\WINDOWS\system32\dllchache\Hole.zip : Infected with: Trojan.FakeFolder.A; Disinfection failed; Delete failed
C:\WINDOWS\system32\dllchache\Unoccupied.reg : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\dllchache\Zero.txt : Infected with: Trojan.FakeFolder.A; Disinfection failed; Delete failed
C:\WINDOWS\system32\dllchache.exe : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\M5VBVM60.EXE : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted
C:\WINDOWS\system32\rund1132.exe : Infected with: Trojan.FakeFolder.A; Disinfection failed; Delete failed
C:\WINDOWS\system32.exe : Infected with: Trojan.FakeFolder.A; Disinfection failed; Deleted

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:29, on 27/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllChache\Empty.jpg
C:\WINDOWS\system32\dllChache\Blank.doc
C:\WINDOWS\system32\dllChache\Zero.txt
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllChache\Hole.zip
C:\WINDOWS\system32\rund1132.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Frédéric\Bureau\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:21
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Secure32] C:\WINDOWS\system32\dllcache\Shell32.com StartUp
O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25a9a28e86bbff480414/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01BC69D8-9608-469E-89CD-C87A957EB72B}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{75009A93-754D-441E-BCB0-989F3BCDCF99}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{01BC69D8-9608-469E-89CD-C87A957EB72B}: NameServer = 212.27.32.5,213.228.0.168
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
End of file - 13995 bytes

Configuration: Windows XP
Firefox 2.0.0.6

1

Kevindu36, 27 Aug 2007 at 18:12:42

Hi

Download GenProc by Jean-Chrétien 1 and Narco 4.
http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Post the report.

See you later.

Configuration: Windows XP
Firefox 2.0.0.6


8

MOUN's, 6 Jan 2009 at 13:36:45

Hi,

I have the same problem as this young man and I did exactly what you asked. Could you help me please? I'm attaching the various reports:

Clean Navipromo version 3.7.1 commencé le 06/01/2009 à 13:11:54,46

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Version 5.00 R1.03.1826
USER : Mounia ( Administrator )
BOOT : Fail-safe boot




A:\ (USB)
C:\ (Local Disk) - NTFS - Total:186 Go (Free:89 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage executé en mode sans échec


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Mounia\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Mounia\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Mounia\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Mounia\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Mounia\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *



* Dans "C:\Documents and Settings\Mounia\locals~1\applic~1" *



* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 06/01/2009 à 13:15:25,37 ***



SmitFraudFix v2.388

Rapport fait à 13:16:10,07, 06/01/2009
Executé à partir de C:\Documents and Settings\Mounia\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:54, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Norman\NVC\BIN\ZLH.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Mounia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Mounia\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AdvancedAdvisor - {7141E838-7BE0-F63D-6939-29A2CC9FBB15} - C:\Program Files\AdvancedAdvisor\AdvancedAdvisor-2.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Mounia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm266YYFR
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
End of file - 10170 bytes


2

lutherjimmy, 27 Aug 2007 at 18:39:36

Hello and thank you for the reply. Here is the GenProc log:

[1] Aucune infection caractéristique trouvée !

Configuration: Windows XP
Firefox 2.0.0.6


3

Kevindu36, 27 Aug 2007 at 18:45:59

Re

The virus is in System Restore; disable System Restore
http://www.pcentraide.com/index.php?showtopic=9039
then re-enable it. You will have to create a new restore point, because all your restore points will be deleted.

Run a scan with BitDefender Online
http://www.bitdefender.com/scan8/ie.html

Disable your antivirus during the scan
Then post the generated report

++ Keep me posted


4

badger, 27 Aug 2007 at 18:46:25

Hello,
I also have the same problem with this Trojan, and I can't manage to get rid of it.
Thanks

Configuration: Windows XP
Internet Explorer 6.0


5

lutherjimmy, 27 Aug 2007 at 21:54:58

Here is the latest BitDefender log:


BitDefender Online Scanner

Scan report generated at: Mon, Aug 27, 2007 - 20:36:05

Scan path: A:\;C:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:39:40
Files: 552223
Folders: 9447
Boot Sectors: 7
Archives: 33553
Packed Files: 28158

Results
Identified Viruses: 6
Infected Files: 22
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 750151
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\ATI-CPanel\atipdsxx.dll
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atipdsxx.dll
Disinfection failed

C:\ATI-CPanel\atipdsxx.dll
Deleted

C:\ATI-CPanel\atipdxxx.dll
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atipdxxx.dll
Disinfection failed

C:\ATI-CPanel\atipdxxx.dll
Deleted

C:\ATI-CPanel\atiptaxx.exe
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atiptaxx.exe
Disinfection failed

C:\ATI-CPanel\atiptaxx.exe
Deleted

C:\ATI-CPanel\atipuixx.dll
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atipuixx.dll
Disinfection failed

C:\ATI-CPanel\atipuixx.dll
Deleted

C:\AUT0EXEC.BAT
Infected with: Trojan.FakeFolder.A

C:\AUT0EXEC.BAT
Disinfection failed

C:\AUT0EXEC.BAT
Deleted

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip
Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip
Disinfection failed

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip
Deleted

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx
Update failed

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe
Infected with: Generic.Mitglied.F050E13C

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe
Disinfection failed

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe
Deleted

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx
Update failed

C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL
Infected with: Trojan.Downloader.Small.DQQ

C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL
Disinfection failed

C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL
Delete failed

C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe
Infected with: Trojan.Horse.BAU

C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe
Disinfection failed

C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe
Deleted

C:\Program Files\eMule\Temp\008.part
Update failed

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139604.dll
Infected with: Win32.Bacalid.A

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139604.dll
Disinfection failed

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139604.dll
Deleted

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139605.BAT
Infected with: Trojan.FakeFolder.A

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139605.BAT
Disinfection failed

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139605.BAT
Deleted

C:\WINDOWS\system32\dllcache\Regedit32.com
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllcache\Regedit32.com
Disinfection failed

C:\WINDOWS\system32\dllcache\Regedit32.com
Deleted

C:\WINDOWS\system32\dllcache\Shell32.com
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllcache\Shell32.com
Disinfection failed

C:\WINDOWS\system32\dllcache\Shell32.com
Deleted

C:\WINDOWS\system32\dllchache\Blank.doc
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Blank.doc
Disinfection failed

C:\WINDOWS\system32\dllchache\Blank.doc
Delete failed

C:\WINDOWS\system32\dllchache\Empty.jpg
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Empty.jpg
Disinfection failed

C:\WINDOWS\system32\dllchache\Empty.jpg
Delete failed

C:\WINDOWS\system32\dllchache\Hole.zip
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Hole.zip
Disinfection failed

C:\WINDOWS\system32\dllchache\Hole.zip
Delete failed

C:\WINDOWS\system32\dllchache\Unoccupied.reg
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Unoccupied.reg
Disinfection failed

C:\WINDOWS\system32\dllchache\Unoccupied.reg
Delete failed

C:\WINDOWS\system32\dllchache\Zero.txt
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Zero.txt
Disinfection failed

C:\WINDOWS\system32\dllchache\Zero.txt
Delete failed

C:\WINDOWS\system32\dllchache.exe
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache.exe
Disinfection failed

C:\WINDOWS\system32\dllchache.exe
Deleted

C:\WINDOWS\system32\M5VBVM60.EXE
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\M5VBVM60.EXE
Disinfection failed

C:\WINDOWS\system32\M5VBVM60.EXE
Deleted

C:\WINDOWS\system32\rund1132.exe
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\rund1132.exe
Disinfection failed

C:\WINDOWS\system32\rund1132.exe
Deleted

C:\WINDOWS\system32.exe
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32.exe
Disinfection failed

C:\WINDOWS\system32.exe
Deleted

Configuration: Windows XP
Internet Explorer 7.0

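The scan report above is something to act on rather than just read: the entries a responder cares about are the ones the scanner could not finish ("Delete failed" on a file, "Update failed" on the archive or .dbx mailbox that contained a deleted member) and the FakeFolder decoy names that imitate real Windows files (AUT0EXEC with a zero, rund1132 with digit ones, M5VBVM60 with a five, dllchache, Shell32.com, system32.exe). The Python below is an added example, not code from the thread or from any poster's tooling: it parses a constructed excerpt in the same path/status format, lists the unfinished entries, and flags lookalike names by folding digit-for-letter homoglyphs and measuring edit distance. The list of genuine Windows names it compares against is my assumption, not something the scanner reports.

```python
"""Triage helper for a BitDefender-style scan log (added example).  The log
repeats path / status pairs separated by blank lines: the first status for a
path is "Infected with: <name>", later ones are action results ("Disinfection
failed", "Deleted", "Delete failed", "Updated", "Update failed"); "=>" marks a
member inside an archive or mailbox."""
import re

# Constructed excerpt in that format (subset of the post; nested path shortened).
SAMPLE_ENTRIES = [
    (r"C:\AUT0EXEC.BAT", "Infected with: Trojan.FakeFolder.A"),
    (r"C:\AUT0EXEC.BAT", "Disinfection failed"),
    (r"C:\AUT0EXEC.BAT", "Deleted"),
    (r"C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL",
     "Infected with: Trojan.Downloader.Small.DQQ"),
    (r"C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL",
     "Delete failed"),
    (r"C:\Program Files\eMule\Temp\008.part=>Keygen\Keygen.exe",
     "Infected with: Trojan.Horse.BAU"),
    (r"C:\Program Files\eMule\Temp\008.part=>Keygen\Keygen.exe", "Deleted"),
    (r"C:\Program Files\eMule\Temp\008.part", "Update failed"),
    (r"C:\WINDOWS\system32\dllchache\Zero.txt", "Infected with: Trojan.FakeFolder.A"),
    (r"C:\WINDOWS\system32\dllchache\Zero.txt", "Delete failed"),
    (r"C:\WINDOWS\system32\rund1132.exe", "Infected with: Trojan.FakeFolder.A"),
    (r"C:\WINDOWS\system32\rund1132.exe", "Deleted"),
    (r"C:\WINDOWS\system32\M5VBVM60.EXE", "Infected with: Trojan.FakeFolder.A"),
    (r"C:\WINDOWS\system32\M5VBVM60.EXE", "Deleted"),
    (r"C:\WINDOWS\system32.exe", "Infected with: Trojan.FakeFolder.A"),
    (r"C:\WINDOWS\system32.exe", "Deleted"),
]
SAMPLE_LOG = "\n\n".join(f"{p}\n{s}" for p, s in SAMPLE_ENTRIES) + "\n"

# Real Windows names the decoys imitate (my assumed list, not the scanner's);
# digits that pass for letters are folded on both sides before comparing.
KNOWN_SYSTEM_NAMES = ("autoexec.bat", "rundll32.exe", "msvbvm60.exe",
                      "regedt32.exe", "shell32.dll", "dllcache", "system32")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})

def parse_scan_log(text):
    """Map each path to its detection name and the list of action results."""
    text = text.replace("\u00ad", "")  # soft hyphens web copy/paste leaves in paths
    records = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) != 2:
            continue  # not a path/status pair (report header, footer, ...)
        path, status = lines
        rec = records.setdefault(path, {"detection": None, "actions": []})
        if status.startswith("Infected with:"):
            rec["detection"] = status.split(":", 1)[1].strip()
        else:
            rec["actions"].append(status)
    return records

def unresolved(records):
    """Entries the scanner left behind: the last action on the file failed, or a
    container (archive, .dbx mailbox) could not be rewritten after a member was
    removed, so the member may still be inside it."""
    return [(path, rec["actions"][-1]) for path, rec in records.items()
            if rec["actions"] and rec["actions"][-1].endswith("failed")]

def _edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _stem_ext(name):
    stem, dot, ext = name.rpartition(".")
    return (stem, ext) if dot else (name, "")

def lookalike_system_names(paths):
    """Flag path components that imitate a real name: identical once homoglyphs
    are folded (AUT0EXEC), same stem with another extension (system32.exe), or
    one edit away from a real stem (dllchache)."""
    known = {}
    for real in KNOWN_SYSTEM_NAMES:
        stem, ext = _stem_ext(real.translate(HOMOGLYPHS))
        known[stem] = (real, ext)
    findings = []
    for path in paths:
        for comp in re.split(r"[\\/]|=>", path):
            low = comp.lower()
            if not low or low in KNOWN_SYSTEM_NAMES:
                continue  # the genuine file or directory
            stem, ext = _stem_ext(low.translate(HOMOGLYPHS))
            for kstem, (real, kext) in known.items():
                if stem == kstem:
                    reason = "homoglyph" if ext == kext else "wrong extension"
                elif _edit_distance(stem, kstem) == 1:
                    reason = "near-miss spelling"
                else:
                    continue
                findings.append((path, comp, real, reason))
                break
    return findings

if __name__ == "__main__":
    recs = parse_scan_log(SAMPLE_LOG)
    print(*unresolved(recs), *lookalike_system_names(recs), sep="\n")
```

Run it as a script, or point `parse_scan_log` at a saved report, to get both lists. A "Delete failed" on a file or an "Update failed" on the container it sat in means the item is still on disk and needs a manual follow-up rather than being counted as handled, and the flagged decoy names are what to look for again on the next scan.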

6

lutherjimmy, 28 Aug 2007 at 10:14:10

Hello,

My computer has been behaving normally again for a few hours now. It looks like the win32 Trojan-gen that had completely paralysed it is gone. I'll wait through this afternoon to see how it evolves and then mark the item as resolved.

Thank you, thank you and thank you to Kevindu36.

Although I work in IT, I know nothing about the world of viruses. Are there any books or reference links that could fill that gap in my knowledge?

Lutherjimmy

Configuration: Windows XP
Firefox 2.0.0.6


7

lutherjimmy, 3 Sep 2007 at 15:20:15

Well, there it is, I think it has been wiped out! Good news.

Thanks again to Kevindu 36.

Configuration: Windows XP
Firefox 2.0.0.6

Collection CommentÇaMarche.net