besoin d'aide pour déloger un trojan
Dernière réponse : dans Le monde de Windows
Bonjour.
Je suis harcelé depuis quelques jours par un trojan du type *exssd* ou *exinjs* (où * est un chiffre aléatoire).
Avast détecte le trojan, je le supprime mais il revient sans cesse. J'ai plusieurs exe qui se créent dans le fichier TEMP. De plus j'ai une icône avast ! courrier électronique avec un gyrophare dans la barre en bas à droite de Windows (peut être des mails envoyés à mon insu ?)
J'ai appliqué le tutorial de désinfection : CCleaner, AVG, BitDefender puis HijackThis. Voilà les rapports :
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 14:28:17 05/02/2007
+ Résultat de l'analyse:
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033289.exe -> Downloader.Horst.al : Nettoyé.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP203\A0028306.exe -> Dropper.Agent.xk : Nettoyé.
Fin du rapport
BitDefender Online Scanner
Scan report generated at: Mon, Feb 05, 2007 - 15:30:10
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time
00:57:09
Files
316069
Folders
6407
Boot Sectors
4
Archives
7316
Packed Files
14506
Results
Identified Viruses
3
Infected Files
24
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
23
Engines Info
Virus Definitions
418615
Engine build
AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\WINDOWS\system\smss.exe
Infected with: DeepScan:Generic.Horst.FAC5997C
C:\WINDOWS\system\smss.exe
Disinfection failed
C:\WINDOWS\system\smss.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\27exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\27exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\27exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\87exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\87exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\87exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\77exmodul32i.9.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\77exmodul32i.9.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\77exmodul32i.9.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\4exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\4exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\4exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\16exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\16exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\16exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\66exmodul32i.9.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\66exmodul32i.9.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\66exmodul32i.9.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\47exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\47exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\47exinjs.a2.exe
Delete failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033288.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033288.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033288.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033291.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033291.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033291.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033292.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033292.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033292.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033293.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033293.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033293.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033296.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033296.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033296.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033297.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033297.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033297.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033298.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033298.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033298.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033300.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033300.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033300.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033301.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033301.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033301.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033303.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033303.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033303.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033304.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033304.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033304.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033305.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033305.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033305.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033306.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033306.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033306.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033308.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033308.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033308.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033309.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033309.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033309.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033814.exe
Infected with: DeepScan:Generic.Horst.FAC5997C
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033814.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033814.exe
Deleted
Logfile of HijackThis v1.99.1
Scan saved at 17:30:42, on 05/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\FAYOLLE\LOCALS~1\Temp\18exinjs.a2.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0949F47-D9B3-475D-ABC0-2D1C16A55290}: NameServer = 192.168.34.16
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
Ne sachant plus quoi faire je fais appel à vos lumières...
Merci d'avance pour votre aide.
Je suis harcelé depuis quelques jours par un trojan du type *exssd* ou *exinjs* (où * est un chiffre aléatoire).
Avast détecte le trojan, je le supprime mais il revient sans cesse. J'ai plusieurs exe qui se créent dans le fichier TEMP. De plus j'ai une icône avast ! courrier électronique avec un gyrophare dans la barre en bas à droite de Windows (peut être des mails envoyés à mon insu ?)
J'ai appliqué le tutorial de désinfection : CCleaner, AVG, BitDefender puis HijackThis. Voilà les rapports :
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 14:28:17 05/02/2007
+ Résultat de l'analyse:
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033289.exe -> Downloader.Horst.al : Nettoyé.
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP203\A0028306.exe -> Dropper.Agent.xk : Nettoyé.
Fin du rapport
BitDefender Online Scanner
Scan report generated at: Mon, Feb 05, 2007 - 15:30:10
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time
00:57:09
Files
316069
Folders
6407
Boot Sectors
4
Archives
7316
Packed Files
14506
Results
Identified Viruses
3
Infected Files
24
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
23
Engines Info
Virus Definitions
418615
Engine build
AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\WINDOWS\system\smss.exe
Infected with: DeepScan:Generic.Horst.FAC5997C
C:\WINDOWS\system\smss.exe
Disinfection failed
C:\WINDOWS\system\smss.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\27exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\27exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\27exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\87exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\87exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\87exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\77exmodul32i.9.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\77exmodul32i.9.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\77exmodul32i.9.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\4exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\4exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\4exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\16exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\16exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\16exinjs.a2.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\66exmodul32i.9.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\66exmodul32i.9.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\66exmodul32i.9.exe
Deleted
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\47exinjs.a2.exe
Infected with: Trojan.Killav.F
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\47exinjs.a2.exe
Disinfection failed
C:\Documents and Settings\FAYOLLE\Local Settings\Temp\47exinjs.a2.exe
Delete failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033288.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033288.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033288.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033291.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033291.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033291.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033292.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033292.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033292.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033293.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033293.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033293.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033296.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033296.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033296.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033297.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033297.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033297.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033298.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033298.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033298.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033300.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033300.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033300.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033301.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033301.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033301.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033303.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033303.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033303.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033304.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033304.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033304.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033305.exe
Infected with: Trojan.Killav.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033305.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033305.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033306.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033306.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033306.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033308.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033308.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033308.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033309.exe
Infected with: Generic.Spammer.C2B1D6DE
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033309.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033309.exe
Deleted
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033814.exe
Infected with: DeepScan:Generic.Horst.FAC5997C
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033814.exe
Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP238\A0033814.exe
Deleted
Logfile of HijackThis v1.99.1
Scan saved at 17:30:42, on 05/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\FAYOLLE\LOCALS~1\Temp\18exinjs.a2.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0949F47-D9B3-475D-ABC0-2D1C16A55290}: NameServer = 192.168.34.16
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
Ne sachant plus quoi faire je fais appel à vos lumières...
Merci d'avance pour votre aide.
Autres pages sur : besoin aide deloger trojan
Lassé par la pub ? Créez un compte
A la vu de ce rapport il est evident que ton ordinateur est infecter par le trojan killav.f
pour l'enlever va a l'adresse cid-dessous clique sur l'onglet removal et suit les instructions :
http://www.symantec.com/security_response/writeup.jsp?d...
edit : il semble que pour ce trojan symantec n'ai pas fournit de solution generique et demande d'utiliser son logiciel (Norton antivirus) mais a mon avi il te suffit de desactiver la restoration systeme et de faire un scan au demarage avec avast apres l'avoir reinstaller et re mis a jour.
pour l'enlever va a l'adresse cid-dessous clique sur l'onglet removal et suit les instructions :
http://www.symantec.com/security_response/writeup.jsp?d...
edit : il semble que pour ce trojan symantec n'ai pas fournit de solution generique et demande d'utiliser son logiciel (Norton antivirus) mais a mon avi il te suffit de desactiver la restoration systeme et de faire un scan au demarage avec avast apres l'avoir reinstaller et re mis a jour.
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumAchat de watercooling besoin aide
- ForumBesoin d aide avec mon processeur
- ForumBesoin aide virus 2
- ForumBesoin aide avec xp
- ForumBesoin d aide pour excel
- ForumBesoin d aide sur fraps
- ForumBesoin aide hijackthis
- ForumAchat d un pc portable besoin d aide
- ForumAh ceux qui ont un routeur linksys besoin d aide
- ForumPossesseur de hp nx7300 besoin de votre aide
- Voir plus
