[Virus] Win32.Bagle.DG@mm + Trojan.Downloader
Nicomaque75
Hello!
I have two viruses: Win32.Bagle.DG@mm and Trojan.Downloader.Bagle.F
What should I do?
They hide, then reappear, since last night, and I have tried various disinfection programs and various antivirus products; only BitDefender is able to give them a name, but it cannot remove them. Avast removes them, but they come back. It deleted my whole address book, and it seems there is a third one, but I can't see it. It is apparently the same virus twice... the second one would again be Win 32.
What should I do?
Thanks in advance
8 replies
It is actually TROJ_GALAPOPER.J
I tried to remove it from the registry, but I doubt that means it is dead for good...
Here is the BitDefender report:
BitDefender Online Scanner
Scan report generated at: Wed, Dec 28, 2005 - 15:42:05
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 02:01:36
Files: 102646
Folders: 1528
Boot Sectors: 3
Archives: 4981
Packed Files: 9769
Results
Identified Viruses: 5
Infected Files: 6
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 248733
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip=>20_price.exe
Infected with: Win32.Bagle.DG@mm
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip=>20_price.exe
Deleted
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\vinou.dbx=>(message 93)
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\vinou.dbx
Update failed
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip=>1.exe
Infected with: Trojan.Downloader.Bagle.F
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip=>1.exe
Disinfection failed
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip=>1.exe
Deleted
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\Éléments supprimés (2).dbx=>(message 4)
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\test\Éléments supprimés (2).dbx
Update failed
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\vinou.dbx=>(message 18)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip=>20_price.exe
Infected with: Win32.Bagle.DG@mm
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\vinou.dbx=>(message 18)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip=>20_price.exe
Deleted
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\vinou.dbx=>(message 18)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\vinou.dbx=>(message 18)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\vinou.dbx=>(message 18)
Updated
C:\Documents and Settings\Gerard\Local Settings\Application Data\Identities\{304A7642-BD80-4715-A639-B289FF10603E}\Microsoft\Outlook Express\vinou.dbx
Update failed
C:\WINDOWS\system32\paytime.exe
Suspected of: BehavesLike:Trojan.StartPage
C:\WINDOWS\system32\paytime.exe
Disinfection failed
C:\WINDOWS\system32\paytime.exe
Delete failed
C:\WINDOWS\system32\sywsvcs.exe
Infected with: Trojan.Galapoper.A
C:\WINDOWS\system32\sywsvcs.exe
Disinfection failed
C:\WINDOWS\system32\sywsvcs.exe
Delete failed
D:\Outlook Express\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip=>20_price.exe
Infected with: Win32.Bagle.DG@mm
D:\Outlook Express\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip=>20_price.exe
Deleted
D:\Outlook Express\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)=>newprice.zip
Updated
D:\Outlook Express\vinou.dbx=>(message 93)=>[Subject: ][Date: Tue, 20 Sep 2005 16:21:15 +0000]=>(MIME part)
Updated
D:\Outlook Express\vinou.dbx=>(message 93)
Updated
D:\Outlook Express\vinou.dbx
Update failed
D:\Outlook Express\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip=>1.exe
Infected with: Trojan.Downloader.Bagle.F
D:\Outlook Express\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip=>1.exe
Disinfection failed
D:\Outlook Express\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip=>1.exe
Deleted
D:\Outlook Express\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)=>Sindony.zip
Updated
D:\Outlook Express\Éléments supprimés (2).dbx=>(message 4)=>[Subject: Martha][Date: Wed, 23 Nov 2005 18:17:45 +0300]=>(MIME part)
Updated
D:\Outlook Express\Éléments supprimés (2).dbx=>(message 4)
Updated
D:\Outlook Express\Éléments supprimés (2).dbx
Update failed
Hi
Clean your computer with this:
the CCLEANER software, here: http://www.ccleaner.com/
and a tutorial here: http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
Then run an antivirus again in safe mode or VGA mode.
See you
Thanks. I installed the software and ran a cleanup, and I blocked the virus's process in the taskbar, but for now I am not sure it has been removed. I don't know how to start avast in safe mode; could you explain, please?
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 22:13:29, on 28/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\sywsvcs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gerard\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07E1C33C-C3D3-4105-9E12-0F00249A0A3E}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{07E1C33C-C3D3-4105-9E12-0F00249A0A3E}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Gerard\LOCALS~1\Temp\hpdj.exe (file missing)
Good evening,
Download SmitfraudFix:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy/paste it into the thread, please.
Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again.
This time choose option 2 and answer yes to everything.
Save the report, restart in normal mode, and copy/paste the saved report to the forum.
Run HijackThis again and paste a new log here.
Good night.
See you
SmitFraudFix v2.10
Rapport fait à 23:14:25,11 le 28/12/2005
Executé à partir de C:\Documents and Settings\Gerard\Local Settings\Temporary Internet Files\Content.IE5\IKK7ID87\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
C:\secure32.html PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\kl.exe PRESENT !
C:\WINDOWS\secure32.html PRESENT !
C:\WINDOWS\tool1.exe PRESENT !
C:\WINDOWS\tool4.exe PRESENT !
C:\WINDOWS\tool5.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
C:\WINDOWS\system32\sywsvcs.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Gerard\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
C:\Program Files\SpySheriff\ PRESENT!
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
SmitFraudFix v2.10
Rapport fait à 0:22:55,99 le 29/12/2005
Executé à partir de C:\Documents and Settings\Gerard\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\secure32.html supprimé
C:\WINDOWS\kl.exe supprimé
C:\WINDOWS\secure32.html supprimé
C:\WINDOWS\tool1.exe supprimé
C:\WINDOWS\tool4.exe supprimé
C:\WINDOWS\tool5.exe supprimé
C:\WINDOWS\system32\sywsvcs.exe supprimé
C:\WINDOWS\system32\zlbw.dll supprimé
C:\Program Files\SpySheriff\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 22:13:29, on 28/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\sywsvcs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gerard\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07E1C33C-C3D3-4105-9E12-0F00249A0A3E}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{07E1C33C-C3D3-4105-9E12-0F00249A0A3E}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Gerard\LOCALS~1\Temp\hpdj.exe (file missing)