Hijack analysis + ISTBar that cannot be removed!!!!
Catherine
Hello,
I have a recurring problem with ISTBar, which I cannot remove with Spybot, with a², with Ad-Aware, or by deleting the registry keys.
Thank you for your help.
Could you also analyse this HijackThis log?
Logfile of HijackThis v1.99.0
Scan saved at 22:54:22, on 27/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\win32ssr.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [System Service] real.exe
O4 - HKLM\..\Run: [Personal Firewall V9] Firewall-UpdateV9.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [System Service] real.exe
O4 - HKLM\..\RunServices: [Personal Firewall V9] Firewall-UpdateV9.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Personal Firewall V9] Firewall-UpdateV9.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\OFFICE\1036\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O23 - Service: Canon Camera Access Library 8 - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD File System Service - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Performance True Type Font - Unknown - C:\WINDOWS\System32\perfont.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Win32Sr - Unknown - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows HWinfo Loader - Unknown - C:\WINDOWS\iexplre.exe (file missing)
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
7 replies
Good evening Catherine,
I can see straight away that you don't have the latest version of HijackThis.
1/ Scan your PC with this online antivirus:
http://www.bitdefender.com/scan8/ie.html
Click "I Agree" and scan the whole PC.
Copy/paste the report to the forum.
Remember to accept the ActiveX control blocked by the SP2 pop-up blocker bar (it will flash at the top).
2/ Download HijackThis: http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/29061.html
- Install it in its own folder.
For example, C:\HijackThis
Choose the "do a scan and a logfile" option; it will generate a report for you. Copy and paste it to the forum.
Watch the demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Good night.
hello
careful
2 firewalls!!
Personal Firewall V9 & Trend Micro Personal Firewall
so there is some cleaning up to do
for the analysis, disable
Spybot's TeaTimer.exe
Hi ara,
I don't know about you, but I don't see only the problem of the two installed firewalls; there are also infections and updates to be done!!
I haven't looked through her log entirely; I focused mainly on the beginning.
So I think a preliminary online scan won't hurt, followed by a new log with the latest version of HijackThis.
Your last post was at 04:46, so I think you must still be asleep.
Good night.
re kris
we agree
first we need to clean up as much as possible with simple solutions
before tackling the HijackThis log
yes, I saw 1.99.0 instead of 1.99.1, her version is obsolete
I stayed up late last night over a memory or hard-disk problem, maybe both together - a real mess, basically!
Hello,
Sorry for the delay, but I am having a lot of trouble connecting to the Internet.
Here is the Bitdefender report (but I forgot to disable the pop-up blocker):
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 01:18:55
Files: 245189
Folders: 3387
Boot Sectors: 2
Archives: 2868
Packed Files: 28948
Results
Identified Viruses: 24
Infected Files: 32
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 29
Engines Info
Virus Definitions: 289403
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Infected with: Backdoor.RBot.28AF9287
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Deleted
C:\msnupdatess.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\SYSTEM32\o
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\o
Disinfection failed
C:\WINDOWS\SYSTEM32\o
Delete failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Deleted
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Deleted
C:\WINDOWS\SYSTEM32\TFTP1332
Infected with: Backdoor.Sdbot.MA
C:\WINDOWS\SYSTEM32\TFTP1332
Disinfection failed
C:\WINDOWS\SYSTEM32\TFTP1332
Deleted
C:\WINDOWS\SYSTEM32\c.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\c.bat
Deleted
C:\WINDOWS\SYSTEM32\.pif
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.pif
Deleted
C:\WINDOWS\SYSTEM32\1.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\1.bat
Deleted
C:\WINDOWS\SYSTEM32\i
Suspected of: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\i
Disinfection failed
C:\WINDOWS\SYSTEM32\i
Deleted
C:\WINDOWS\SYSTEM32\mpsys.exe
Infected with: Trojan.Dropper.Juntador.E
C:\WINDOWS\SYSTEM32\mpsys.exe
Deleted
C:\WINDOWS\SYSTEM32\.a
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.a
Deleted
C:\WINDOWS\SYSTEM32\SVKP.sys
Infected with: Backdoor.Rbot.CBD
C:\WINDOWS\SYSTEM32\SVKP.sys
Disinfection failed
C:\WINDOWS\SYSTEM32\SVKP.sys
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Infected with: Trojan.Flood.22016
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Detected with: Application.SlimFTP.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Infected with: Virtool.Xscan.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Infected with: MemScan:Virtool.HiddenRun.B
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Detected with: Application.Sniffer.DaSniff
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Infected with: Virtool.Xscan.Plugin
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Infected with: IRC-Worm.Randon.T
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Infected with: Backdoor.SDBot.838A8352
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Deleted
C:\WINDOWS\SYSTEM32\perfont.exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\perfont.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\perfont.exe
Delete failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
C:\WINDOWS\SYSTEM32\down.com
Infected with: Trojan.Dropper.Dos.Rute.D
C:\WINDOWS\SYSTEM32\down.com
Disinfection failed
C:\WINDOWS\SYSTEM32\down.com
Deleted
C:\WINDOWS\win32ssr.exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\win32ssr.exe
Disinfection failed
C:\WINDOWS\win32ssr.exe
Delete failed
C:\WINDOWS\HELP\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\HELP\Tours\van32.exe
Disinfection failed
C:\WINDOWS\HELP\Tours\van32.exe
Deleted
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Deleted
C:\U.exe
Infected with: Trojan.Mutech.E
C:\U.exe
Disinfection failed
C:\U.exe
Deleted
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Infected with: Trojan.Win95.Flashkiller
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Disinfection failed
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Backdoor.RBot.3DFE4021
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.DU
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Disinfection failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
And here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:07:12, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\win32ssr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP Client autorisé\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [System Service] real.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [System Service] real.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\OFFICE\1036\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)
Thank you for your help.
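Cross-checking the two reports in this post, as an added example that is not part of the thread: the script takes the files Bitdefender marked "Delete failed" and looks each one up among the running processes and the O4/O23 autostart entries of the HijackThis log. The sample lines are excerpted from the two reports above; the function names are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the HijackThis v1.99.1 log in the post above.
HIJACKTHIS_EXCERPT = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\System32\perfont.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
"""

# Lines excerpted from the Bitdefender report in the same post.
BITDEFENDER_EXCERPT = r"""
C:\WINDOWS\SYSTEM32\o
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\o
Disinfection failed
C:\WINDOWS\SYSTEM32\o
Delete failed
C:\WINDOWS\SYSTEM32\c.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\c.bat
Deleted
C:\WINDOWS\SYSTEM32\perfont.exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\perfont.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\perfont.exe
Delete failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Return (running process paths, [(section, entry text), ...])."""
    processes, entries, in_processes = [], [], False
    for line in map(str.strip, text.splitlines()):
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            entries.append(entry.groups())
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def parse_bitdefender(text):
    """Fold the alternating path/status lines into {file on disk: [statuses]}."""
    results, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if PATH_RE.match(line):
            # "ver.exe=>(RAR Sfx o)=>inner.exe": keep the container file on disk.
            current = line.split("=>", 1)[0]
        elif line and current:
            results[current].append(line)
    return dict(results)


def explain_failed_deletes(hjt_text, bd_text):
    """Map each 'Delete failed' file to its running state and autostart sections."""
    processes, entries = parse_hijackthis(hjt_text)
    running = {p.lower() for p in processes}
    report = {}
    for path, statuses in parse_bitdefender(bd_text).items():
        if "Delete failed" not in statuses:
            continue
        # Match the bare file name at the end of an entry, after "\" or a space.
        name = re.escape(ntpath.basename(path).lower())
        tail = re.compile(r"(?:^|[\\ ])" + name + r"(?: \(file missing\))?$")
        report[path] = {
            "detection": next((s.split(": ", 1)[1] for s in statuses if ": " in s), None),
            "running": path.lower() in running,
            "autostart": sorted({sec for sec, txt in entries
                                 if sec in ("O4", "O23") and tail.search(txt.lower())}),
        }
    return report


if __name__ == "__main__":
    for path, info in explain_failed_deletes(HIJACKTHIS_EXCERPT, BITDEFENDER_EXCERPT).items():
        print(path, info)
```

On these excerpts, perfont.exe and msnservex.exe come back as running and registered under O23 and O4 respectively, while C:\WINDOWS\SYSTEM32\o matches neither.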
Désolée du retard mais j'ai beaucoup de problèmes pour me connecter à Internet.
Voici le rapport Bitdefender (mais j'ai oublié de désactiver l'anti pop-up) :
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 01:18:55
Files: 245189
Folders: 3387
Boot Sectors: 2
Archives: 2868
Packed Files: 28948
Results
Identified Viruses: 24
Infected Files: 32
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 29
Engines Info
Virus Definitions: 289403
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Infected with: Backdoor.RBot.28AF9287
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Deleted
C:\msnupdatess.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\SYSTEM32\o
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\o
Disinfection failed
C:\WINDOWS\SYSTEM32\o
Delete failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Deleted
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Deleted
C:\WINDOWS\SYSTEM32\TFTP1332
Infected with: Backdoor.Sdbot.MA
C:\WINDOWS\SYSTEM32\TFTP1332
Disinfection failed
C:\WINDOWS\SYSTEM32\TFTP1332
Deleted
C:\WINDOWS\SYSTEM32\c.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\c.bat
Deleted
C:\WINDOWS\SYSTEM32\.pif
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.pif
Deleted
C:\WINDOWS\SYSTEM32\1.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\1.bat
Deleted
C:\WINDOWS\SYSTEM32\i
Suspected of: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\i
Disinfection failed
C:\WINDOWS\SYSTEM32\i
Deleted
C:\WINDOWS\SYSTEM32\mpsys.exe
Infected with: Trojan.Dropper.Juntador.E
C:\WINDOWS\SYSTEM32\mpsys.exe
Deleted
C:\WINDOWS\SYSTEM32\.a
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.a
Deleted
C:\WINDOWS\SYSTEM32\SVKP.sys
Infected with: Backdoor.Rbot.CBD
C:\WINDOWS\SYSTEM32\SVKP.sys
Disinfection failed
C:\WINDOWS\SYSTEM32\SVKP.sys
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Infected with: Trojan.Flood.22016
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Detected with: Application.SlimFTP.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Infected with: Virtool.Xscan.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Infected with: MemScan:Virtool.HiddenRun.B
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Detected with: Application.Sniffer.DaSniff
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Infected with: Virtool.Xscan.Plugin
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Infected with: IRC-Worm.Randon.T
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Infected with: Backdoor.SDBot.838A8352
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Deleted
C:\WINDOWS\SYSTEM32\perfont.exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\perfont.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\perfont.exe
Delete failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
C:\WINDOWS\SYSTEM32\down.com
Infected with: Trojan.Dropper.Dos.Rute.D
C:\WINDOWS\SYSTEM32\down.com
Disinfection failed
C:\WINDOWS\SYSTEM32\down.com
Deleted
C:\WINDOWS\win32ssr.exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\win32ssr.exe
Disinfection failed
C:\WINDOWS\win32ssr.exe
Delete failed
C:\WINDOWS\HELP\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\HELP\Tours\van32.exe
Disinfection failed
C:\WINDOWS\HELP\Tours\van32.exe
Deleted
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Deleted
C:\U.exe
Infected with: Trojan.Mutech.E
C:\U.exe
Disinfection failed
C:\U.exe
Deleted
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Infected with: Trojan.Win95.Flashkiller
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Disinfection failed
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Backdoor.RBot.3DFE4021
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.DU
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Disinfection failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
And here is the Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 22:07:12, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\win32ssr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP Client autorisé\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [System Service] real.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [System Service] real.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\OFFICE\1036\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)
Thank you for your help.
re
1/ IE needs to be updated via WindowsUpdate - your version is obsolete
2/ fix these lines
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
3/ Start + Run + type services.msc + OK
in the drop-down menu, look for
"Win32Sr"
"Windows HWinfo Loader "
disable these 2 programs
4/ the audit continues after I have eaten
run it again
http://www.bitdefender.fr/bd/site/search.php#
so that I know what is left to remove
paste the report, of course
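An added example, not part of the thread: a short Python script that reads the two report formats posted above and lists each file Bitdefender reports as "Delete failed" together with the running-process, O4 and O23 entries of the HijackThis log that name the same file. The excerpts are lines copied from the logs in this thread; the function names are this example's own.

```python
import ntpath
import re

# Lines copied from the Bitdefender report above: a path line, then its result line.
BITDEFENDER_EXCERPT = r"""
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
C:\WINDOWS\SYSTEM32\c.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\c.bat
Deleted
C:\WINDOWS\win32ssr.exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\win32ssr.exe
Disinfection failed
C:\WINDOWS\win32ssr.exe
Delete failed
"""

# Lines copied from the HijackThis log above.
HIJACKTHIS_EXCERPT = r"""
Running processes:
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\win32ssr.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

PATH = re.compile(r"^[A-Za-z]:\\")
DETECTION = re.compile(r"^(?:Infected with|Suspected of|Detected with): (.+)$")
SECTION = re.compile(r"^[A-Z]\d+ - ")
O4 = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
O23 = re.compile(r"^O23 - Service: (.+?) - .+? - (.+)$")  # name - owner - path

def parse_bitdefender(text):
    """Map each scanned path to the detection names and action results logged for it."""
    results, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if PATH.match(line):
            current = results.setdefault(line, {"detections": [], "actions": []})
        elif current is not None:
            m = DETECTION.match(line)
            current["detections" if m else "actions"].append(m.group(1) if m else line)
    return results

def parse_hijackthis(text):
    """Return (kind, label, command) for running processes, O4 autoruns and O23 services."""
    entries, in_processes = [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif SECTION.match(line):
            in_processes = False
            if m := O4.match(line):
                entries.append(("autorun " + m.group(1), m.group(2), m.group(3)))
            elif m := O23.match(line):
                entries.append(("service", m.group(1), m.group(2)))
        elif in_processes and PATH.match(line):
            entries.append(("process", ntpath.basename(line), line))
    return entries

def references(entries, path):
    """Entries whose command names the file; Run values in this log use bare file names."""
    name = re.escape(ntpath.basename(path))
    token = re.compile(r'(?:^|[\\"\s])' + name + r'(?:$|["\s])', re.IGNORECASE)
    return [(kind, label) for kind, label, cmd in entries if token.search(cmd)]

def undeleted_with_references(bd_text, hjt_text):
    """For each detected file that was not deleted, list the entries that name it."""
    entries = parse_hijackthis(hjt_text)
    return {path: references(entries, path)
            for path, r in sorted(parse_bitdefender(bd_text).items())
            if r["detections"] and "Delete failed" in r["actions"]
            and "Deleted" not in r["actions"]}

if __name__ == "__main__":
    print(undeleted_with_references(BITDEFENDER_EXCERPT, HIJACKTHIS_EXCERPT))
```

Matching is by file name only, so an entry that names a different file with the same name in another folder would also be listed.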
Good evening,
Here is the Bitdefender report:
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 01:15:14
Files: 245632
Folders: 3398
Boot Sectors: 2
Archives: 2891
Packed Files: 28973
Results
Identified Viruses: 15
Infected Files: 15
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 15
Engines Info
Virus Definitions: 292665
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Infected with: Backdoor.RBot.28AF9287
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Deleted
C:\msnupdatess.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Infected with: Trojan.Flood.22016
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Detected with: Application.SlimFTP.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Infected with: Virtool.Xscan.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Infected with: MemScan:Virtool.HiddenRun.B
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Detected with: Application.Sniffer.DaSniff
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Infected with: Virtool.Xscan.Plugin
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Infected with: IRC-Worm.Randon.T
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
Infected with: Backdoor.SDBot.AMV
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Backdoor.RBot.3DFE4021
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.DU
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Disinfection failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed