Sujet Précédent Sujet Suivant

Infection multiple

Fermé
gerlachus Messages postés 13 Date d'inscription dimanche 14 août 2005 Statut Membre Dernière intervention 20 mai 2006 - 20 mai 2006 à 13:11
 bernie61 - 20 mai 2006 à 19:08
Bonjour,

Quelques malwares ont déclenché une alarme sur ma machine. J’ai effectué les démarches préliminaires. Je joins les rapports de Ewido, Bitdefender et Hijackthis.

Merci de bien vouloir m’aider.


Rapport Ewidoo

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 12:06:02, 20/05/2006
+ Somme de contrôle: C802E513

+ Résultats du scan:

C:\Documents and Settings\Yvonne\Cookies\yvonne@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@advertising[1].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@adviva[1].txt -> TrackingCookie.Adviva : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bfast[2].txt -> TrackingCookie.Bfast : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@blackbox.weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@data3.perf.overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@edge.ru4[2].txt -> TrackingCookie.Ru4 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-adidas.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-finaref.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-fragrancex.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-francetel.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-nvidia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-ricaud.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@gde.adocean[2].txt -> TrackingCookie.Adocean : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@internetfuel[1].txt -> TrackingCookie.Internetfuel : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@linksynergy[1].txt -> TrackingCookie.Linksynergy : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@overture[2].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@revenue[2].txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@valueclick[3].txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@wreport.weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@yadro[2].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@zedo[1].txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Counter.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/VerifierBug.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Worker.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Xeyond.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Counter.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/VerifierBug.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/web.exe -> Downloader.Small.cdh : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Worker.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Xeyond.class -> Trojan.Femad : Nettoyer et sauvegarder


::Fin du rapport




Rapport Bitdefender

BitDefender Online Scanner
Scan report generated at: Sat, May 20, 2006 - 12:56:45

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time 00:45:14
Files 427088
Folders 3784
Boot Sectors 5
Archives 1611
Packed Files 60711

Results
Identified Viruses 1
Infected Files 2
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 2

Engines Info
Virus Definitions 375787
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 40
Unpack plugins 4
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes


Scanned File Status
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Disinfection failed
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Deleted
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Disinfection failed
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Deleted


Logs Highjackthis

Logfile of HijackThis v1.99.1
Scan saved at 13:02:52, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\panne200506\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\Photos de Famille\PdfDrv\Install\PDFSaver.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFA62BA-875E-490D-AA15-032A54C635CA}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

3 réponses

Réponse 1 / 3
bernie61
20 mai 2006 à 13:15
hello
où en sont tes problèmes? car je ne vois rien de spécial

essaies aussi option 1 de ceci
SmitfrauFix http://users.skynet.be/BernieClub/txt2.html#frau

a+
0
gerlachus Messages postés 13 Date d'inscription dimanche 14 août 2005 Statut Membre Dernière intervention 20 mai 2006
20 mai 2006 à 18:14
Bonjour Bernie,
Après avoir effectué la phase préliminaire il me restait 4 virus détectés par Securitoo, j’ai effectué la procédure que tu m’as envoyée (Smithfraudfix).
Voila les 2 rapports Smith et les logs Highjack.

Merci
JJ

Rapport smith 1

SmitFraudFix v2.45

Rapport fait à 17:54:37,34, 20/05/2006
Executé à partir de C:\panne200506\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yvonne\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yvonne\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Rapport smith 2

SmitFraudFix v2.45

Rapport fait à 18:01:28,07, 20/05/2006
Executé à partir de C:\panne200506\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin


Logs highjack

Logfile of HijackThis v1.99.1
Scan saved at 18:08:49, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\panne200506\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\Photos de Famille\PdfDrv\Install\PDFSaver.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFA62BA-875E-490D-AA15-032A54C635CA}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Merci
0
Réponse 2 / 3
bernie61
20 mai 2006 à 18:35
re
ton antivrus a mis le fichier en quarantaine?
là je vois rien à part peut être ceci qui pourrait être suspect

C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe

à vérifier là http://www.virustotal.com/xhtml/index_en.html ou là https://virusscan.jotti.org/ fichier par fichier Parcourir puis SEND ou SUBMIT lance ce multiple scanneur antivirus)

a+
0
gerlachus Messages postés 13 Date d'inscription dimanche 14 août 2005 Statut Membre Dernière intervention 20 mai 2006
20 mai 2006 à 18:55
Merci Bernie

les virus ont disparu, le dernier scan est vierge.

Bon week-end et encore merci.

JJ
0
Réponse 3 / 3
bernie61
20 mai 2006 à 19:08
re
ok à toi aussi bon w-end et bon surf
a+
0

Discussions similaires

Pari multiple 2/5 explications
alicia 29 -
cha -

14 réponses
[ParionsSport] Paris multiple, une arnaque ?
yassoo26 -
Sekli -

9 réponses
Tableau excel paris sportif multiple
drean7 -
drean7 -

10 réponses
Paris Sportifs Combinés
Alex06 -
Functiona -

4 réponses
Bug sur les posts "multiples photos" uniquement
vanessahoo -
Pseudo... -

2 réponses