Trojan muldrop

robi -  
 robi 37 -
Hello,
here is my report.
Can you analyze it? Thanks.

BitDefender Online Scanner

Scan report generated at: Wed, Nov 02, 2005 - 21:22:09

Scan path: A:\;C:\;D:\;

Statistics

Time
00:15:44

Files
111774

Folders
2881

Boot Sectors
2

Archives
791

Packed Files
14040

Results

Identified Viruses
3

Infected Files
7

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
6

Engines Info

Virus Definitions
232377

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\ELODIE\Local Settings\Temporary Internet Files\Content.IE5\OHWNU98P\puppy_cls[1].exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper

C:\Documents and Settings\ELODIE\Local Settings\Temporary Internet Files\Content.IE5\OHWNU98P\puppy_cls[1].exe=>wise0020
Deleted

C:\Documents and Settings\ELODIE\Local Settings\Temporary Internet Files\Content.IE5\OHWNU98P\puppy_cls[1].exe
Update failed

C:\Documents and Settings\ELODIE\Local Settings\Temporary Internet Files\Content.IE5\OHWNU98P\puppy_cls[1].exe=>wise0023
Infected with: Trojan.Muldrop.1869.A

C:\Documents and Settings\ELODIE\Local Settings\Temporary Internet Files\Content.IE5\OHWNU98P\puppy_cls[1].exe=>wise0023
Disinfection failed

C:\Documents and Settings\ELODIE\Local Settings\Temporary Internet Files\Content.IE5\OHWNU98P\puppy_cls[1].exe=>wise0023
Deleted

C:\Documents and Settings\ELODIE\Local Settings\Temporary Internet Files\Content.IE5\OHWNU98P\puppy_cls[1].exe
Update failed

C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper

C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0020
Deleted

C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe
Update failed

C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A

C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023
Disinfection failed

C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023
Deleted

C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe
Update failed

C:\Program Files\NewDotNet\newdotnet6_38.dll
Detected with: Application.Adware.NewDotNet.B

C:\Program Files\NewDotNet\newdotnet6_38.dll
Disinfection failed

C:\Program Files\NewDotNet\newdotnet6_38.dll
Delete failed

C:\RECYCLER\S-1-5-21-329068152-823518204-839522115-1004\Dc6.exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper

C:\RECYCLER\S-1-5-21-329068152-823518204-839522115-1004\Dc6.exe=>wise0020
Deleted

C:\RECYCLER\S-1-5-21-329068152-823518204-839522115-1004\Dc6.exe
Update failed

C:\RECYCLER\S-1-5-21-329068152-823518204-839522115-1004\Dc6.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A

C:\RECYCLER\S-1-5-21-329068152-823518204-839522115-1004\Dc6.exe=>wise0023
Disinfection failed

C:\RECYCLER\S-1-5-21-329068152-823518204-839522115-1004\Dc6.exe=>wise0023
Deleted

C:\RECYCLER\S-1-5-21-329068152-823518204-839522115-1004\Dc6.exe
Update failed

Thanks; see you.

11 replies

  1. bernie61
     
    Hi
    well, they were detected and deleted, so that's good
    See you
    0
    1. robi
       
      Hello,
      I emptied my temporary files and my recycle bins, and in spite of that, when I run a scan again it still finds something, which it removes, I suppose, from what I can make out



      BitDefender Online Scanner



      Scan report generated at: Thu, Nov 03, 2005 - 09:46:26





      Scan path: A:\;C:\;D:\;







      Statistics

      Time
      00:11:33

      Files
      100750

      Folders
      2847

      Boot Sectors
      2

      Archives
      729

      Packed Files
      13110




      Results

      Identified Viruses
      3

      Infected Files
      5

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      4




      Engines Info

      Virus Definitions
      232446

      Engine build
      AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

      Scan plugins
      13

      Archive plugins
      39

      Unpack plugins
      4

      E-mail plugins
      6

      System plugins
      1




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0020
      Detected with: Application.Adware.NewDotNet.B.Dropper

      C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0020
      Deleted

      C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe
      Update failed

      C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023
      Infected with: Trojan.Muldrop.1869.A

      C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023
      Disinfection failed

      C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023
      Deleted

      C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe
      Update failed

      C:\Program Files\NewDotNet\newdotnet6_38.dll
      Detected with: Application.Adware.NewDotNet.B

      C:\Program Files\NewDotNet\newdotnet6_38.dll
      Disinfection failed

      C:\Program Files\NewDotNet\newdotnet6_38.dll
      Delete failed

      C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
      Detected with: Application.Adware.NewDotNet.B.Dropper

      C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
      Deleted

      C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
      Update failed

      C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
      Infected with: Trojan.Muldrop.1869.A

      C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
      Disinfection failed

      C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
      Deleted

      C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
      Update failed


      I ran it again several times; only the temporary files have disappeared.
      How is it that the others always reappear?
      Thanks for your explanations.

      See you
      0
  2. bernie61
     
    Hi
    Go here and delete the whole directory
    C:\Program Files\NewDotNet\

    Disable System Restore, reboot, then re-enable System Restore.
    Run a scan again; if nothing is detected, create a restore point,
    otherwise do an HT.
    Download HijackThis here and save it in a dedicated directory:
    HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe
    http://www.spywareinfo.com/~merijn/downloads.html
    Or here
    http://www.spychecker.com/download/download_hijackthis.html
    Run it with "Do a system scan and save log" and save the hijackthis.log file, or copy/paste it here with a right click of the mouse.
    See you
    0
    1. robi
       
      Hi again,
      I searched for: C:\Program Files\NewDotNet\
      It shows me: -- newdotnet6_38.dll
      -- readme htlm
      --uninstall6_38

      Where is the directory to delete?
      See you
      0
  3. Anonymous user
     
    Hi robi
    Download HijackThis here:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Unzip it into a folder set aside for it.
    For example C:\hijackthis < Make sure you save it in C: !
    Run it, then:
    click "do a system scan and save logfile" (see the demo)
    copy and paste the entire log into the forum

    Demo: (thanks to balltrap34 for making it)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Good luck

    See you
    0
    1. robi
       
      Hello,
      here is my log

      Logfile of HijackThis v1.99.1
      Scan saved at 21:35:34, on 04/11/2005
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
      C:\WINDOWS\System32\rundll32.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\Logitech\SetPoint\KEM.exe
      C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\BJC\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
      O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
      O4 - HKLM\..\Run: [adiras] adiras.exe
      O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F2588A-2ED1-4D1A-8751-830A54C97B65}: NameServer = 217.19.192.132 217.19.192.131
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      Thanks

      See you
      0
  4. Anonymous user
     
    Hi again,
    in Add/Remove Programs, uninstall this:
    new dot net

    then restart your PC and post a new log

    See you
    0
    1. robi
       
      Hi again,
      in Add/Remove Programs I can't find new dot net.
      Before your reply I had run Spybot, which detected newdotnet but could not fix all the "files"
      See you
      0
  6. Anonymous user
     
    Hi
    check again for
    NEWDOT
    new net
    new not net

    and post a new log

    See you
    0
    1. robi
       
      Hello,
      -NEWDOT
      -new net
      -new not net
      none of these programs is in "Add/Remove Programs"

      See you
      0
  7. Anonymous user
     
    Hi again
    post another HijackThis log...

    See you
    0
  8. robi
     
    Hello,
    here is my latest scan from yesterday and my log from today

    BitDefender Online Scanner

    Scan report generated at: Mon, Nov 07, 2005 - 22:40:57

    Scan path: A:\;C:\;D:\;

    Statistics

    Time
    00:25:43

    Files
    152010

    Folders
    2971

    Boot Sectors
    2

    Archives
    1475

    Packed Files
    15635

    Results

    Identified Viruses
    3

    Infected Files
    5

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    5

    Engines Info

    Virus Definitions
    232777

    Engine build
    AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Scan plugins
    13

    Archive plugins
    39

    Unpack plugins
    4

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
    Update failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
    Infected with: Trojan.Muldrop.1869.A

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
    Disinfection failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
    Update failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
    Update failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
    Infected with: Trojan.Muldrop.1869.A

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
    Disinfection failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
    Update failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
    Detected with: Application.Adware.NewDotNet.B

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
    Disinfection failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
    Deleted

    Logfile of HijackThis v1.99.1
    Scan saved at 23:01:56, on 08/11/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\BJC\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F2588A-2ED1-4D1A-8751-830A54C97B65}: NameServer = 217.19.192.132 217.19.192.131
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Thanks for the help given to all of us computing novices
    See you
    0
  9. Anonymous user
     
    Hi
    where do things stand with your problems?

    See you
    0
  10. robi
     
    Hello,
    my question is:
    what do you think of the log in post 12, and why does BitDefender find my trojans again every time if it removed them in the previous scan?
    Here is today's scan

    BitDefender Online Scanner

    Scan report generated at: Wed, Nov 09, 2005 - 20:34:38

    Scan path: A:\;C:\;D:\;

    Statistics

    Time
    00:33:32

    Files
    210945

    Folders
    3104

    Boot Sectors
    2

    Archives
    7350

    Packed Files
    21119

    Results

    Identified Viruses
    2

    Infected Files
    4

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    4

    Engines Info

    Virus Definitions
    232948

    Engine build
    AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Scan plugins
    13

    Archive plugins
    39

    Unpack plugins
    4

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
    Update failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
    Infected with: Trojan.Muldrop.1869.A

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
    Disinfection failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
    Update failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
    Update failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
    Infected with: Trojan.Muldrop.1869.A

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
    Disinfection failed

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
    Deleted

    C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
    Update failed

    I did not find the programs:
    -NEWDOT
    -new net
    -new not net
    none of these programs is in "Add/Remove Programs"

    So?

    Apparently I'm not noticing any problem for the moment, but I'm trying to understand the whys and wherefores.
    See you
    0
  11. Anonymous user
     
    Hi

    Your viruses are in an infected System Restore point.
    You need to disable System Restore, which has the effect of deleting the system restore points, and then re-enable it.

    Disable System Restore:
    Right-click My Computer > Properties > System Restore tab
    then check "Turn off System Restore".
    Click OK to confirm.

    Restart your PC and re-enable it:
    Right-click My Computer > Properties > System Restore tab
    then uncheck "Turn off System Restore".

    Then run a verification scan with your AV.

    See you
    0
  12. robi 37
     
    Hi again,
    OK, everything looks clean after the BitDefender online scan.

    C:\System Volume Information\_restore: is the restore point, if I understood correctly

    Without your advice and solutions we would be in the ...., to the delight of the repairmen
    Thanks to all of you

    See you, robi 37
    0