Please analyze my HijackThis log, thanks
Closed
theoelliot (Posts: 329 - Registered: Wednesday 11 May 2005 - Status: Member - Last activity: 21 October 2011) - 9 Jan. 2006 at 16:18
Last reply: Anonymous user - 11 Jan. 2006 at 11:49
27 replies
You can safely delete the C:\!KillBox folder; it was created by the KillBox program and is a backup folder in case of a wrong move.
For the other files detected by BitDef in:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
Make hidden and system files visible:
Control Panel > Folder Options > View tab
Tick the box next to "Show hidden files and folders"
Untick the box next to "Hide protected operating system files"
Click [Apply], then [OK] to confirm
otherwise you won't see the LocalService folder. Then go to the Content.IE5 folder and delete all the folders inside it.
For those found in C:\System Volume Information\_restore, you just need to disable and re-enable System Restore; this will delete all the restore points, including those created while the PC was infected.
Disable System Restore.
Right-click My Computer > Properties > System Restore tab
then tick "Turn off System Restore".
Click OK to confirm
Restart the PC and re-enable it by re-ticking the box next to "Turn off System Restore"
See you
theoelliot - 11 Jan. 2006 at 09:51
Hello,
I did everything and here is what the reports show:
(in fact BitDefender tells me I am still infected, my morale is sinking .....)
BitDefender Online Scanner
Scan report generated at: Wed, Jan 11, 2006 - 09:43:52
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 00:12:40
Files: 99798
Folders: 1247
Boot Sectors: 2
Archives: 922
Packed Files: 12108
Results
Identified Viruses: 1
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 251089
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o)
Update failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o)
Update failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o)
Update failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o)
Update failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o)
Update failed
Logfile of HijackThis v1.99.1
Scan saved at 09:30:18, on 11/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136924273687
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Thanks
Elise
Hi Elise
Had you emptied the Recycle Bin before running your scan at BitDef?
C:\Recycler is the folder that corresponds to the Recycle Bin...
See you
Hi Elise
Had you emptied the Recycle Bin before running your scan at BitDef?
C:\Recycler is the folder that corresponds to the Recycle Bin...
See you
Oops! Sorry for the duplicate
theoelliot - 11 Jan. 2006 at 10:05
Oops...........
I'll start over, big boss
theoelliot - 11 Jan. 2006 at 11:27
I just emptied my Recycle Bin, ran another scan at BitDefender and ran HijackThis again. I don't know whether that will have been enough.........
Help!!!!!!!!!!!!!!!
Thanks to you all
Elise
BitDefender Online Scanner
Scan report generated at: Wed, Jan 11, 2006 - 11:15:07
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 00:34:08
Files: 243669
Folders: 1612
Boot Sectors: 2
Archives: 1360
Packed Files: 13450
Results
Identified Viruses: 1
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 251089
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o)
Update failed
Logfile of HijackThis v1.99.1
Scan saved at 11:23:41, on 11/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136924273687
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Don't worry, this is the home stretch, lol
Disable and re-enable System Restore; BitDef is only finding infected restore points.
Disable System Restore.
Right-click My Computer > Properties > System Restore tab
then tick "Turn off System Restore".
Click OK to confirm
Restart your PC, run one last scan at BitDef and, if it no longer finds anything, re-enable it at that point:
Right-click My Computer > Properties > System Restore tab
then untick "Turn off System Restore".
See you
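The triage applied in the replies above (look at where each detection sits, then pick the matching cleanup step) can be scripted. The following is an added example, not code from the thread or from BitDefender: the function names are hypothetical, and the sample reports are constructed in the path/status layout of the scans posted above, with placeholder SID, GUID and cache folder names.

```python
import re

PATH_RE = re.compile(r"^[A-Za-z]:\\")
STATUS_RE = re.compile(
    r"^(Infected with: (?P<threat>.+)|Disinfection failed|Deleted|Update failed)$")

# Location -> cleanup step, as given by the helper in this thread.
RULES = [
    ("recycle_bin", re.compile(r"^[A-Za-z]:\\RECYCLER\\", re.I),
     "empty the Recycle Bin, then rescan"),
    ("system_restore",
     re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore", re.I),
     "turn System Restore off, reboot, rescan, then turn it back on"),
    ("ie_cache", re.compile(r"\\Temporary Internet Files\\Content\.IE5(\\|$)", re.I),
     "show hidden/system files and delete the folders inside Content.IE5"),
]

def parse_report(text):
    """Map each container file to the list of status lines reported for it."""
    findings, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if STATUS_RE.match(line):
            if pending is not None:
                # "a.exe=>(RAR Sfx o)=>tr.exe" is a member of container a.exe
                findings.setdefault(pending.split("=>")[0], []).append(line)
            pending = None
        elif PATH_RE.match(line):
            pending = line
        else:
            pending = None  # headers such as "Scanned File" / "Status"
    return findings

def classify(path):
    for name, pattern, action in RULES:
        if pattern.search(path):
            return name, action
    return "other", "inspect the file manually"

def triage(text):
    """Group detections by location with the cleanup step for each group."""
    summary = {}
    for container, statuses in parse_report(text).items():
        name, action = classify(container)
        entry = summary.setdefault(
            name, {"action": action, "files": [], "threats": set()})
        entry["files"].append(container)
        for status in statuses:
            threat = STATUS_RE.match(status).group("threat")
            if threat:
                entry["threats"].add(threat)
    return summary

def only_leftovers(summary):
    """True when every detection is in the Recycle Bin or a restore point."""
    return bool(summary) and set(summary) <= {"recycle_bin", "system_restore"}

# Constructed sample: one self-extracting archive in the Recycle Bin.
SCAN_RECYCLER = r"""
Scanned File
Status
C:\RECYCLER\S-1-5-21-EXAMPLE\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\RECYCLER\S-1-5-21-EXAMPLE\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-EXAMPLE\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\RECYCLER\S-1-5-21-EXAMPLE\Dc10\d[1].exe=>(RAR Sfx o)
Update failed
"""

# Constructed sample: a restore point plus a file in the LocalService IE cache.
SCAN_MIXED = r"""
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe
Deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EXAMPLE01\x[1].exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EXAMPLE01\x[1].exe
Deleted
"""

if __name__ == "__main__":
    for label, report in (("recycler", SCAN_RECYCLER), ("mixed", SCAN_MIXED)):
        result = triage(report)
        print(label, "- leftovers only:", only_leftovers(result))
        for location, entry in result.items():
            print(f"  {location}: {len(entry['files'])} file(s) -> {entry['action']}")
```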
10 Jan. 2006 at 23:15
I'm trying to see whether anyone else has the same problem as me, and I was reading your advice above about the viruses in the System Volume..
Do you think I should disable and re-enable System Restore too? (my post: "virus trojan, I don't know what to do anymore")
Thanks for your reply ;)