Rapport antivirus - avis d'un expert requis
Fabieng
-
Fabieng -
Fabieng -
Bonjour,
Je me suis fait infecté, je ne sais pas comment. Mon pc est beaucoup plus lent, des fenetres intempestives s'ouvrent quand je surfe avec Frefox.
J''ai suivi les instructions de ce post: http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
Il n'y a rien d'urgent, mais bon pour éviter que je transmette un virus a mon tour, merci a l'expert qui pourra me donner les instructions necessaires pour me debarasser de tout mes virus.
Voici la copie des 3 rapports ci-dessous:
1) AVG Anti-Spyware 7.5
Scan "Scan whole computer" was finished.
Infections;"1";"1";"0"
Warnings;"18"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Thursday, April 02, 2009, 11:22:50 PM"
Scan finished:;"Friday, April 03, 2009, 1:42:03 AM (2 hour(s) 19 minute(s) 12 second(s))"
Total object scanned:;"527067"
User who launched the scan:;"User"
Infections
File;"Infection";"Result"
C:\fsf\magnibar\plugins\SystemSnap\SystemSnap.dll;"Trojan horse Generic13.SNW";"Moved to Virus Vault"
Warnings
File;"Infection";"Result"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.1820df7a;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.321a5cf8;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.3e749ab9;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.5550c4ed;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.c5827141;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
2) Bitdefender
BitDefender Online Scanner
Scan report generated at: Fri, Apr 03, 2009 - 11:15:31
Scan path: C:\;D:\;
Statistics
Time
02:05:41
Files
514786
Folders
11966
Boot Sectors
0
Archives
6936
Packed Files
27991
Results
Identified Viruses
5
Infected Files
9
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
9
Engines Info
Virus Definitions
2816380
Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins
17
Archive plugins
45
Unpack plugins
7
E-mail plugins
6
System plugins
4
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\davidblainmegamagic.exe
Infected with: Trojan.Generic.1553057
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\davidblainmegamagic.exe
Deleted
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\Magic_tricks_blaine.zip=>davidblainmegamagic.exe
Infected with: Trojan.Generic.1553057
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\Magic_tricks_blaine.zip=>davidblainmegamagic.exe
Deleted
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\Magic_tricks_blaine.zip
Updated
C:\Documents and Settings\User\Desktop\Magic\Magic_for_all_com\dblaine_7452.zip=>davidblainmegamagic.exe
Infected with: Trojan.Generic.1553057
C:\Documents and Settings\User\Desktop\Magic\Magic_for_all_com\dblaine_7452.zip=>davidblainmegamagic.exe
Deleted
C:\Documents and Settings\User\Desktop\Magic\Magic_for_all_com\dblaine_7452.zip
Updated
C:\Program Files\Norton PC Checkup\downloader.vbs
Infected with: Dropped:Generic.XPL.ADODB.5C75C9B7
C:\Program Files\Norton PC Checkup\downloader.vbs
Disinfection failed
C:\Program Files\Norton PC Checkup\downloader.vbs
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038262.exe
Infected with: Gen:Adware.Heur.0131CEDEDE
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038262.exe
Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038262.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039788.exe
Infected with: Gen:Adware.Heur.0141BEAEAE
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039788.exe
Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039788.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0040985.exe
Infected with: Trojan.Generic.1344866
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0040985.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041214.exe
Infected with: Trojan.Generic.1553057
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041214.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041223.vbs
Infected with: Dropped:Generic.XPL.ADODB.5C75C9B7
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041223.vbs
Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041223.vbs
Deleted
3) Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:57 AM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\fsf\magnibar\magnibar.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\documents and settings\user\local settings\application data\ooyao.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=3080307
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://marketingtips.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MagniBar] "C:\fsf\magnibar\magnibar.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ooyao] "c:\documents and settings\user\local settings\application data\ooyao.exe" ooyao
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FreshDownload - {2C38B8E8-0904-4696-89C0-27A9B4C4284F} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://marketingtips.webex.com/client/T26L/webex/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b1e4cf405c32) (gupdate1c9b1e4cf405c32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Je me suis fait infecté, je ne sais pas comment. Mon pc est beaucoup plus lent, des fenetres intempestives s'ouvrent quand je surfe avec Frefox.
J''ai suivi les instructions de ce post: http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
Il n'y a rien d'urgent, mais bon pour éviter que je transmette un virus a mon tour, merci a l'expert qui pourra me donner les instructions necessaires pour me debarasser de tout mes virus.
Voici la copie des 3 rapports ci-dessous:
1) AVG Anti-Spyware 7.5
Scan "Scan whole computer" was finished.
Infections;"1";"1";"0"
Warnings;"18"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Thursday, April 02, 2009, 11:22:50 PM"
Scan finished:;"Friday, April 03, 2009, 1:42:03 AM (2 hour(s) 19 minute(s) 12 second(s))"
Total object scanned:;"527067"
User who launched the scan:;"User"
Infections
File;"Infection";"Result"
C:\fsf\magnibar\plugins\SystemSnap\SystemSnap.dll;"Trojan horse Generic13.SNW";"Moved to Virus Vault"
Warnings
File;"Infection";"Result"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.1820df7a;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.321a5cf8;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.3e749ab9;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.5550c4ed;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vlky0egd.default\cookies.sqlite:\smartadserver.com.c5827141;"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
2) Bitdefender
BitDefender Online Scanner
Scan report generated at: Fri, Apr 03, 2009 - 11:15:31
Scan path: C:\;D:\;
Statistics
Time
02:05:41
Files
514786
Folders
11966
Boot Sectors
0
Archives
6936
Packed Files
27991
Results
Identified Viruses
5
Infected Files
9
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
9
Engines Info
Virus Definitions
2816380
Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins
17
Archive plugins
45
Unpack plugins
7
E-mail plugins
6
System plugins
4
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\davidblainmegamagic.exe
Infected with: Trojan.Generic.1553057
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\davidblainmegamagic.exe
Deleted
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\Magic_tricks_blaine.zip=>davidblainmegamagic.exe
Infected with: Trojan.Generic.1553057
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\Magic_tricks_blaine.zip=>davidblainmegamagic.exe
Deleted
C:\Documents and Settings\User\Desktop\Magic\Bonus\blainemagic\Magic_tricks_blaine.zip
Updated
C:\Documents and Settings\User\Desktop\Magic\Magic_for_all_com\dblaine_7452.zip=>davidblainmegamagic.exe
Infected with: Trojan.Generic.1553057
C:\Documents and Settings\User\Desktop\Magic\Magic_for_all_com\dblaine_7452.zip=>davidblainmegamagic.exe
Deleted
C:\Documents and Settings\User\Desktop\Magic\Magic_for_all_com\dblaine_7452.zip
Updated
C:\Program Files\Norton PC Checkup\downloader.vbs
Infected with: Dropped:Generic.XPL.ADODB.5C75C9B7
C:\Program Files\Norton PC Checkup\downloader.vbs
Disinfection failed
C:\Program Files\Norton PC Checkup\downloader.vbs
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038262.exe
Infected with: Gen:Adware.Heur.0131CEDEDE
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038262.exe
Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038262.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039788.exe
Infected with: Gen:Adware.Heur.0141BEAEAE
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039788.exe
Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039788.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0040985.exe
Infected with: Trojan.Generic.1344866
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0040985.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041214.exe
Infected with: Trojan.Generic.1553057
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041214.exe
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041223.vbs
Infected with: Dropped:Generic.XPL.ADODB.5C75C9B7
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041223.vbs
Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0041223.vbs
Deleted
3) Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:57 AM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\fsf\magnibar\magnibar.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\documents and settings\user\local settings\application data\ooyao.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=3080307
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://marketingtips.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MagniBar] "C:\fsf\magnibar\magnibar.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ooyao] "c:\documents and settings\user\local settings\application data\ooyao.exe" ooyao
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FreshDownload - {2C38B8E8-0904-4696-89C0-27A9B4C4284F} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://marketingtips.webex.com/client/T26L/webex/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b1e4cf405c32) (gupdate1c9b1e4cf405c32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
A voir également:
- Rapport antivirus - avis d'un expert requis
- Comodo antivirus - Télécharger - Sécurité
- Norton antivirus gratuit - Télécharger - Antivirus & Antimalwares
- Panda antivirus - Télécharger - Antivirus & Antimalwares
- Plan d'un rapport de stage - Guide
- Expert php pinterest - Télécharger - Langages
23 réponses
Il te reste juste à désinstaller les outils :
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau :
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de ton disque dur (C:\)...colle le dans ta réponse
Pour ta question sur l'antivirus, ce n'est pas parce que c'est payant que c'est forcément meilleur.
Avira Antivir est gratuit et a une excellente réputation.
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau :
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de ton disque dur (C:\)...colle le dans ta réponse
Pour ta question sur l'antivirus, ce n'est pas parce que c'est payant que c'est forcément meilleur.
Avira Antivir est gratuit et a une excellente réputation.
Et Avira Antivir ne ralentie pas trop le PC? Est ce mieux qu'AVG?
Parce que c'est vrai que mieux vaut prévenir que guérir.
Voici le rapport généré:
[ Rapport ToolsCleaner version 2.2.8 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\User\Desktop\SdFix.exe: trouvé !
C:\Documents and Settings\User\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\User\Desktop\HijackThis.exe: trouvé !
C:\Documents and Settings\User\Desktop\hijackthis.log: trouvé !
C:\Documents and Settings\User\Desktop\GenProc: trouvé !
C:\Documents and Settings\User\Desktop\Photos\GenProc: trouvé !
C:\Documents and Settings\User\Recent\HijackThis.lnk: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\User\Desktop\SdFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\User\Desktop\HijackThis.exe: supprimé !
C:\Documents and Settings\User\Recent\HijackThis.lnk: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\User\Desktop\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\User\Desktop\GenProc: supprimé !
C:\Documents and Settings\User\Desktop\Photos\GenProc: supprimé !
Parce que c'est vrai que mieux vaut prévenir que guérir.
Voici le rapport généré:
[ Rapport ToolsCleaner version 2.2.8 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\User\Desktop\SdFix.exe: trouvé !
C:\Documents and Settings\User\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\User\Desktop\HijackThis.exe: trouvé !
C:\Documents and Settings\User\Desktop\hijackthis.log: trouvé !
C:\Documents and Settings\User\Desktop\GenProc: trouvé !
C:\Documents and Settings\User\Desktop\Photos\GenProc: trouvé !
C:\Documents and Settings\User\Recent\HijackThis.lnk: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\User\Desktop\SdFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\User\Desktop\HijackThis.exe: supprimé !
C:\Documents and Settings\User\Recent\HijackThis.lnk: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\User\Desktop\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\User\Desktop\GenProc: supprimé !
C:\Documents and Settings\User\Desktop\Photos\GenProc: supprimé !