[Virus SOBER] comment le supprimer ?
Résolu
Riwalenn
Messages postés
370
Statut
Membre
-
Riwalenn Messages postés 370 Statut Membre -
Riwalenn Messages postés 370 Statut Membre -
Bonjour,
ces derniers temps je reçois pleins de mails du style "smtp mail failed", "mail delivery failed", "your password", "you visit illegal websites" sur l'adresse postmaster de l'administrateur....
J'ai fait un scandisk avec symantec et il me dit que je suis infectée par Sober, mytob et beagle. J'ai mis les fichiers en quarantaine, je les ai ensuite supprimés. J'ai lançé les fixSober, fixmytob et fixbegle... J'ai lancé ad-aware se et j'ai refat un scan me disant qu'il n'y avait plus rien d'infecté sur le serveur.
Sur le réseau on utilise actuellement outlook office 2003, les règles de messages ne fonctionne pas pour l'adresse postmaster de l'administrator, je veux dire par là que c'est pas automatique et que je suis obligé de les lancer manuellement.
Après tout les scans fait sur le serveur et sur les machines au nombre de 12, je reçois toujours ces mails indésirables... y'a t'il un moyen de s'en débarrasser ?
merci pour votre aide
ces derniers temps je reçois pleins de mails du style "smtp mail failed", "mail delivery failed", "your password", "you visit illegal websites" sur l'adresse postmaster de l'administrateur....
J'ai fait un scandisk avec symantec et il me dit que je suis infectée par Sober, mytob et beagle. J'ai mis les fichiers en quarantaine, je les ai ensuite supprimés. J'ai lançé les fixSober, fixmytob et fixbegle... J'ai lancé ad-aware se et j'ai refat un scan me disant qu'il n'y avait plus rien d'infecté sur le serveur.
Sur le réseau on utilise actuellement outlook office 2003, les règles de messages ne fonctionne pas pour l'adresse postmaster de l'administrator, je veux dire par là que c'est pas automatique et que je suis obligé de les lancer manuellement.
Après tout les scans fait sur le serveur et sur les machines au nombre de 12, je reçois toujours ces mails indésirables... y'a t'il un moyen de s'en débarrasser ?
merci pour votre aide
A voir également:
- [Virus SOBER] comment le supprimer ?
- Supprimer rond bleu whatsapp - Guide
- Comment supprimer une page sur word - Guide
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Supprimer pub youtube - Accueil - Streaming
- Comment supprimer une application préinstallée sur android - Guide
33 réponses
bsr
oui bien sur
as-tu déjà ton stock d'utilitaires de désinfection ?
http://www.commentcamarche.net/faq/484-Virus-et-Malwares-Le-truc-pour-les-%E9liminer
mais 12 appareils à traiter ici........ouille
oui bien sur
as-tu déjà ton stock d'utilitaires de désinfection ?
http://www.commentcamarche.net/faq/484-Virus-et-Malwares-Le-truc-pour-les-%E9liminer
mais 12 appareils à traiter ici........ouille
oui j'ai tout ce qu'il faut... par exemple ce matin j'suis arrivée au boulot et j'avais à l'écran Symantec qui me disait qu'il avait trouvé un fichier infecté par mytob...
ce qui me parait bizarre c'est que ça fait plus de 4 mois que je suis sur ce serveur et que jusqu'ici je n'avais pas eu de message de ce type...
Sinon j'ai un fixmytob mais apparement ça n'a pas l'air de suffir
ce qui me parait bizarre c'est que ça fait plus de 4 mois que je suis sur ce serveur et que jusqu'ici je n'avais pas eu de message de ce type...
Sinon j'ai un fixmytob mais apparement ça n'a pas l'air de suffir
bjr
le mieux est sans doute que tu post ici un log hijackthis pour que quelqu'un puisse l'examiner
http://telechargement.zebulon.fr/license-1-138.html
le mieux est sans doute que tu post ici un log hijackthis pour que quelqu'un puisse l'examiner
http://telechargement.zebulon.fr/license-1-138.html
C'est bien de ceci dont tu as besoin?
Logfile of HijackThis v1.99.1
Scan saved at 11:07:29, on 30/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\program files\Nav\defwatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\sfmsvc.exe
C:\WINNT\System32\sfmprint.exe
D:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
e:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlservr.exe
D:\program files\Nav\rtvscan.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RsFsa.exe
C:\WINNT\system32\RsSub.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\modemshr.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINNT\Explorer.EXE
D:\PROGRA~1\Nav\vptray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\RsEng.exe
C:\WINNT\System32\mdm.exe
D:\Program Files\Microsoft ISA Server\mspadmin.exe
D:\Program Files\Microsoft ISA Server\w3proxy.exe
D:\Program Files\Microsoft ISA Server\W3Prefch.exe
C:\WINNT\system32\wuauclt.exe
D:\Program Files\Microsoft ISA Server\wspsrv.exe
E:\company shared folders\TransfertRiwalenn\anti-virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://2estockfrance/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = WSSERVE:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Acrobat Reader 6\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\Nav\vptray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {B43D3361-D975-4BE2-87FE-438AB8E74394} (PTLauncher Class) - file://E:\2e-stock\Invoice-Print\BrochureMachine.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 10.0.1.2,127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{085A5A22-A86E-4D62-8CA4-1A04E0F40826}: NameServer = 10.0.0.2,127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 10.0.1.2,127.0.0.1
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 10.0.1.2,127.0.0.1
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - D:\program files\Nav\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) - Unknown owner - D:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: Norton AntiVirus Server - Symantec Corporation - D:\program files\Nav\rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 11:07:29, on 30/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\program files\Nav\defwatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\sfmsvc.exe
C:\WINNT\System32\sfmprint.exe
D:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
e:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlservr.exe
D:\program files\Nav\rtvscan.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RsFsa.exe
C:\WINNT\system32\RsSub.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\modemshr.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINNT\Explorer.EXE
D:\PROGRA~1\Nav\vptray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\RsEng.exe
C:\WINNT\System32\mdm.exe
D:\Program Files\Microsoft ISA Server\mspadmin.exe
D:\Program Files\Microsoft ISA Server\w3proxy.exe
D:\Program Files\Microsoft ISA Server\W3Prefch.exe
C:\WINNT\system32\wuauclt.exe
D:\Program Files\Microsoft ISA Server\wspsrv.exe
E:\company shared folders\TransfertRiwalenn\anti-virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://2estockfrance/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = WSSERVE:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Acrobat Reader 6\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\Nav\vptray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {B43D3361-D975-4BE2-87FE-438AB8E74394} (PTLauncher Class) - file://E:\2e-stock\Invoice-Print\BrochureMachine.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 10.0.1.2,127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{085A5A22-A86E-4D62-8CA4-1A04E0F40826}: NameServer = 10.0.0.2,127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 10.0.1.2,127.0.0.1
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{02F7283B-F8A6-4E46-B5BC-4CC636EE2FF3}: NameServer = 10.0.1.2,127.0.0.1
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - D:\program files\Nav\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) - Unknown owner - D:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: Norton AntiVirus Server - Symantec Corporation - D:\program files\Nav\rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
bsr
passe un coup d'ewido
http://www.ewido.net/fr/
et fais online avec
http://www.bitdefender.fr/bd/site/search.php#
et
http://fr.trendmicro-europe.com/consumer/housecall/housecall_launch.php
au fait je viens de relire ton post original : tu n'as pas d'anti spam ?
passe un coup d'ewido
http://www.ewido.net/fr/
et fais online avec
http://www.bitdefender.fr/bd/site/search.php#
et
http://fr.trendmicro-europe.com/consumer/housecall/housecall_launch.php
au fait je viens de relire ton post original : tu n'as pas d'anti spam ?
J'ai passé Ewido, il n'a remarqué aucun virus sur le serveur. Puis j'ai passé l'anti-virus avira et là problème, depuis ce moment là le "update" de Norton ne fonctionne plus !!! Quelqu'un à déjà eu ce problème ?
ci-dessous le rapport ewido après scan sur mon pc et non sur le serveur. (cela prend trop de ressource pour le moment sur le serveur) ayant un mail pop3 indépendant du serveur exchange et voyant que je reçois une centaine de mails failure chaque jours, je pense que j'ai le même virus que sur le serveur... maintenant à savoir lesquel mais surtout comment le supprimer puisque rien n'a fonctionner jusqu'à aujourd'hui !
__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________
Name: Spyware.Cookie.247realmedia
Path: C:\Documents and Settings\administrator.EUROSOURCEFRANC\Cookies\administrator@247realmedia[1].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\administrator.EUROSOURCEFRANC\Cookies\administrator@atdmt[2].txt
Risk: Medium
Name: Spyware.Alexa
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: High
Name: Not-A-Virus.Monitor.Hooker.d
Path: C:\BackUp\Program Files\Golden Eye\KBHOOK.DLL
Risk: High
Name: Downloader.IstBar.ja
Path: C:\data
Risk: High
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\carmenj\Cookies\carmenj@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\doloresp\Cookies\doloresp@bluestreak[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\doloresp\Cookies\doloresp@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Adviva
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@adviva[1].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@atdmt[1].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@bluestreak[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Estat
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@estat[1].txt
Risk: Medium
Name: Spyware.Cookie.Qksrv
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@qksrv[1].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\marketing\Cookies\marketing@atdmt[2].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\marketing\Cookies\marketing@bluestreak[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\marketing\Cookies\marketing@doubleclick[2].txt
Risk: Medium
Name: Spyware.Cookie.Estat
Path: C:\Documents and Settings\marketing\Cookies\marketing@estat[1].txt
Risk: Medium
Name: Spyware.Cookie.Mediaplex
Path: C:\Documents and Settings\marketing\Cookies\marketing@mediaplex[1].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\marketing\Cookies\marketing@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@bluestreak[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@doubleclick[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@doubleclick[3].txt
Risk: Medium
Name: Spyware.Cookie.Questionmarket
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@questionmarket[1].txt
Risk: Medium
Name: Spyware.Cookie.Tradedoubler
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@tradedoubler[2].txt
Risk: Medium
Name: Spyware.Cookie.Weborama
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@weborama[2].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@www.smartadserver[2].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.10:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.11:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.12:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.13:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.15:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.16:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.17:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.18:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.19:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.247realmedia
Path: :mozilla.20:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Spylog
Path: :mozilla.21:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Estat
Path: :mozilla.27:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tradedoubler
Path: :mozilla.31:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tradedoubler
Path: :mozilla.32:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Webtrendslive
Path: :mozilla.34:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.41:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.42:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.43:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.44:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Weborama
Path: :mozilla.45:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: :mozilla.46:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Weborama
Path: :mozilla.47:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: :mozilla.50:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.247realmedia
Path: C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Cookies\riwalenn@247realmedia[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Cookies\riwalenn@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Liveperson
Path: C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Cookies\riwalenn@server.iad.liveperson[1].txt
Risk: Medium
Name: Downloader.INService.h
Path: C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\1B4R40AI\download_plugin[1].exe
Risk: High
Name: Not-A-Virus.RemoteAdmin.Win32.WinVNC.4
Path: C:\Program Files\RealVNC\VNC4\vncconfig.exe
Risk: High
__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________
Name: Spyware.Cookie.247realmedia
Path: C:\Documents and Settings\administrator.EUROSOURCEFRANC\Cookies\administrator@247realmedia[1].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\administrator.EUROSOURCEFRANC\Cookies\administrator@atdmt[2].txt
Risk: Medium
Name: Spyware.Alexa
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: High
Name: Not-A-Virus.Monitor.Hooker.d
Path: C:\BackUp\Program Files\Golden Eye\KBHOOK.DLL
Risk: High
Name: Downloader.IstBar.ja
Path: C:\data
Risk: High
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\carmenj\Cookies\carmenj@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\doloresp\Cookies\doloresp@bluestreak[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\doloresp\Cookies\doloresp@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Adviva
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@adviva[1].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@atdmt[1].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@bluestreak[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Estat
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@estat[1].txt
Risk: Medium
Name: Spyware.Cookie.Qksrv
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@qksrv[1].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\elodiebr\Cookies\elodiebr@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\marketing\Cookies\marketing@atdmt[2].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\marketing\Cookies\marketing@bluestreak[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\marketing\Cookies\marketing@doubleclick[2].txt
Risk: Medium
Name: Spyware.Cookie.Estat
Path: C:\Documents and Settings\marketing\Cookies\marketing@estat[1].txt
Risk: Medium
Name: Spyware.Cookie.Mediaplex
Path: C:\Documents and Settings\marketing\Cookies\marketing@mediaplex[1].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\marketing\Cookies\marketing@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@bluestreak[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@doubleclick[2].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@doubleclick[3].txt
Risk: Medium
Name: Spyware.Cookie.Questionmarket
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@questionmarket[1].txt
Risk: Medium
Name: Spyware.Cookie.Tradedoubler
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@tradedoubler[2].txt
Risk: Medium
Name: Spyware.Cookie.Weborama
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@weborama[2].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@www.smartadserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\myriamg\Cookies\myriamg@www.smartadserver[2].txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.10:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.11:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.12:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Smartadserver
Path: :mozilla.13:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.15:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.16:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.17:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.18:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.19:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.247realmedia
Path: :mozilla.20:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Spylog
Path: :mozilla.21:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Estat
Path: :mozilla.27:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tradedoubler
Path: :mozilla.31:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tradedoubler
Path: :mozilla.32:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Webtrendslive
Path: :mozilla.34:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.41:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.42:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.43:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: :mozilla.44:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Weborama
Path: :mozilla.45:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: :mozilla.46:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Weborama
Path: :mozilla.47:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: :mozilla.50:C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Application Data\Mozilla\Firefox\Profiles\eoojsv49.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.247realmedia
Path: C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Cookies\riwalenn@247realmedia[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Cookies\riwalenn@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Liveperson
Path: C:\Documents and Settings\Riwalenn.EUROSOURCEFRANC\Cookies\riwalenn@server.iad.liveperson[1].txt
Risk: Medium
Name: Downloader.INService.h
Path: C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\1B4R40AI\download_plugin[1].exe
Risk: High
Name: Not-A-Virus.RemoteAdmin.Win32.WinVNC.4
Path: C:\Program Files\RealVNC\VNC4\vncconfig.exe
Risk: High
bjr
ben t'es sacrément pourri
tout cela est à détruire bien sur
______
faire ceci
Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
ben t'es sacrément pourri
tout cela est à détruire bien sur
______
faire ceci
Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
premier rapport suite à l'option 1 :
SmitFraudFix v2.11
Rapport fait à 15:43:47,14 le 05/01/2006
Executé à partir de C:\Documents and Settings\administrator.EUROSOURCEFRANC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\administrator.EUROSOURCEFRANC\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
ci-après le rapport n°2 après l'option n°2 (il m'a juste demandé si je voulais nettoyer la base de registre)
SmitFraudFix v2.11
Rapport fait à 15:48:53,17 le 05/01/2006
Executé à partir de C:\Documents and Settings\administrator.EUROSOURCEFRANC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
SmitFraudFix v2.11
Rapport fait à 15:43:47,14 le 05/01/2006
Executé à partir de C:\Documents and Settings\administrator.EUROSOURCEFRANC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\administrator.EUROSOURCEFRANC\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
ci-après le rapport n°2 après l'option n°2 (il m'a juste demandé si je voulais nettoyer la base de registre)
SmitFraudFix v2.11
Rapport fait à 15:48:53,17 le 05/01/2006
Executé à partir de C:\Documents and Settings\administrator.EUROSOURCEFRANC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
impossible d'utiliser bitdefender, il n'a pas réussi à mettre à jour sa liste de virus et il n'a pas pu faire le scan !
re
de toute fcon tu as d'autres choix ici
http://assiste.free.fr/p/antivirus_gratuits_en_ligne/antivirus_en_ligne.php
il est tjrs bon d'avoir plusieurs réponses d'organismes différents
de toute fcon tu as d'autres choix ici
http://assiste.free.fr/p/antivirus_gratuits_en_ligne/antivirus_en_ligne.php
il est tjrs bon d'avoir plusieurs réponses d'organismes différents
J'ai fait un scan avec Hijackthis, je sais pas si cela sert à quelque chose mais voici le rapport :
Logfile of HijackThis v1.99.1
Scan saved at 14:08:50, on 06/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://WSSERVE:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124697583078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124697695937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\Software\..\Telephony: DomainName = eurosourcefrance.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 14:08:50, on 06/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://WSSERVE:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124697583078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124697695937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\Software\..\Telephony: DomainName = eurosourcefrance.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
bjr
fixe ces lignes
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124697583078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124697695937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
fixe ces lignes
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124697583078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124697695937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
Quelqu'un peut me dire ce que je peux fixer dans ce rapport hijackthis ? Merci
Logfile of HijackThis v1.99.1
Scan saved at 11:26:05, on 25/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\Wsserve\goldmine\gmw6.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://WSSERVE:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [syslogwin] C:\WINDOWS\System32\sysrunservice.exe
O4 - HKLM\..\Run: [spoolrunx] C:\WINDOWS\System32\spool.exe %srun%
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [External Dependencies] External.exe
O4 - HKLM\..\RunServices: [External Dependencies] External.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [diagwin] C:\WINDOWS\System32\sysrunservice.exe
O4 - HKCU\..\Run: [loghostrunx] C:\WINDOWS\System32\spool.exe %srun%
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128438448234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128438440859
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\Software\..\Telephony: DomainName = eurosourcefrance.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 11:26:05, on 25/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\Wsserve\goldmine\gmw6.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://WSSERVE:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [syslogwin] C:\WINDOWS\System32\sysrunservice.exe
O4 - HKLM\..\Run: [spoolrunx] C:\WINDOWS\System32\spool.exe %srun%
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [External Dependencies] External.exe
O4 - HKLM\..\RunServices: [External Dependencies] External.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [diagwin] C:\WINDOWS\System32\sysrunservice.exe
O4 - HKCU\..\Run: [loghostrunx] C:\WINDOWS\System32\spool.exe %srun%
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128438448234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128438440859
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\Software\..\Telephony: DomainName = eurosourcefrance.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurosourcefrance.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
bjr
tu fixes
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
+
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128438448234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128438440859
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
------------
tu colles un rapport d'ewido ici
ewido (dowload)
http://www.ewido.net/fr/download/
------------
tu colles un rapport de bitdef ici
http://www.bitdefender.fr/bd/site/search.php#
------------
tu fixes
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
+
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128438448234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128438440859
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
------------
tu colles un rapport d'ewido ici
ewido (dowload)
http://www.ewido.net/fr/download/
------------
tu colles un rapport de bitdef ici
http://www.bitdefender.fr/bd/site/search.php#
------------
Rapport ewido ci-dessous : ^^
__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________
Name: Not-A-Virus.RemoteAdmin.Win32.WinVNC.4
Path: C:\Program Files\RealVNC\VNC4\vncconfig.exe
Risk: High
Name: Not-A-Virus.RemoteAdmin.Win32.WinVNC.4
Path: C:\Program Files\RealVNC\VNC4\vncviewer.exe
Risk: High
rien de bien passionnant, surtout que j'utilise vnc en entreprise pour éviter de me déplacer ^^ dès que l'utilisatrice du pc n'est plus à son poste, je fais un scan bitdefender et je le poste...
__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________
Name: Not-A-Virus.RemoteAdmin.Win32.WinVNC.4
Path: C:\Program Files\RealVNC\VNC4\vncconfig.exe
Risk: High
Name: Not-A-Virus.RemoteAdmin.Win32.WinVNC.4
Path: C:\Program Files\RealVNC\VNC4\vncviewer.exe
Risk: High
rien de bien passionnant, surtout que j'utilise vnc en entreprise pour éviter de me déplacer ^^ dès que l'utilisatrice du pc n'est plus à son poste, je fais un scan bitdefender et je le poste...
