Infection multiple
gerlachus
Messages postés
13
Statut
Membre
-
bernie61 -
bernie61 -
Bonjour,
Quelques malwares ont déclenché une alarme sur ma machine. J’ai effectué les démarches préliminaires. Je joins les rapports de Ewido, Bitdefender et Hijackthis.
Merci de bien vouloir m’aider.
Rapport Ewidoo
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 12:06:02, 20/05/2006
+ Somme de contrôle: C802E513
+ Résultats du scan:
C:\Documents and Settings\Yvonne\Cookies\yvonne@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@advertising[1].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@adviva[1].txt -> TrackingCookie.Adviva : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bfast[2].txt -> TrackingCookie.Bfast : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@blackbox.weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@data3.perf.overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@edge.ru4[2].txt -> TrackingCookie.Ru4 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-adidas.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-finaref.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-fragrancex.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-francetel.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-nvidia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-ricaud.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@gde.adocean[2].txt -> TrackingCookie.Adocean : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@internetfuel[1].txt -> TrackingCookie.Internetfuel : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@linksynergy[1].txt -> TrackingCookie.Linksynergy : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@overture[2].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@revenue[2].txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@valueclick[3].txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@wreport.weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@yadro[2].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@zedo[1].txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Counter.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/VerifierBug.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Worker.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Xeyond.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Counter.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/VerifierBug.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/web.exe -> Downloader.Small.cdh : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Worker.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Xeyond.class -> Trojan.Femad : Nettoyer et sauvegarder
::Fin du rapport
Rapport Bitdefender
BitDefender Online Scanner
Scan report generated at: Sat, May 20, 2006 - 12:56:45
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time 00:45:14
Files 427088
Folders 3784
Boot Sectors 5
Archives 1611
Packed Files 60711
Results
Identified Viruses 1
Infected Files 2
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 2
Engines Info
Virus Definitions 375787
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 40
Unpack plugins 4
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Disinfection failed
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Deleted
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Disinfection failed
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Deleted
Logs Highjackthis
Logfile of HijackThis v1.99.1
Scan saved at 13:02:52, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\panne200506\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\Photos de Famille\PdfDrv\Install\PDFSaver.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFA62BA-875E-490D-AA15-032A54C635CA}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Quelques malwares ont déclenché une alarme sur ma machine. J’ai effectué les démarches préliminaires. Je joins les rapports de Ewido, Bitdefender et Hijackthis.
Merci de bien vouloir m’aider.
Rapport Ewidoo
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 12:06:02, 20/05/2006
+ Somme de contrôle: C802E513
+ Résultats du scan:
C:\Documents and Settings\Yvonne\Cookies\yvonne@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@advertising[1].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@adviva[1].txt -> TrackingCookie.Adviva : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bfast[2].txt -> TrackingCookie.Bfast : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@blackbox.weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@data3.perf.overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@edge.ru4[2].txt -> TrackingCookie.Ru4 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-adidas.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-finaref.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-fragrancex.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-francetel.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-nvidia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-ricaud.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@gde.adocean[2].txt -> TrackingCookie.Adocean : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@internetfuel[1].txt -> TrackingCookie.Internetfuel : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@linksynergy[1].txt -> TrackingCookie.Linksynergy : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@overture[2].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@revenue[2].txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@valueclick[3].txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@wreport.weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@yadro[2].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Cookies\yvonne@zedo[1].txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Counter.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/VerifierBug.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Worker.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[1].jar/Xeyond.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Counter.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/VerifierBug.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/web.exe -> Downloader.Small.cdh : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Worker.class -> Trojan.Femad : Nettoyer et sauvegarder
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\XCDI551B\jar[2].jar/Xeyond.class -> Trojan.Femad : Nettoyer et sauvegarder
::Fin du rapport
Rapport Bitdefender
BitDefender Online Scanner
Scan report generated at: Sat, May 20, 2006 - 12:56:45
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time 00:45:14
Files 427088
Folders 3784
Boot Sectors 5
Archives 1611
Packed Files 60711
Results
Identified Viruses 1
Infected Files 2
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 2
Engines Info
Virus Definitions 375787
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 40
Unpack plugins 4
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Disinfection failed
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\09AZC9UB\df[1].0nr Deleted
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Disinfection failed
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\KD2705E7\e[1].0nr Deleted
Logs Highjackthis
Logfile of HijackThis v1.99.1
Scan saved at 13:02:52, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\panne200506\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\Photos de Famille\PdfDrv\Install\PDFSaver.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFA62BA-875E-490D-AA15-032A54C635CA}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
A voir également:
- Infection multiple
- Ecran multiple pc - Guide
- Excel cellule choix multiple - Guide
- Copier coller multiple - Guide
- Publication multiple instagram format - Guide
- Envoi sms multiple - Forum Samsung
3 réponses
hello
où en sont tes problèmes? car je ne vois rien de spécial
essaies aussi option 1 de ceci
SmitfrauFix http://users.skynet.be/BernieClub/txt2.html#frau
a+
où en sont tes problèmes? car je ne vois rien de spécial
essaies aussi option 1 de ceci
SmitfrauFix http://users.skynet.be/BernieClub/txt2.html#frau
a+
re
ton antivrus a mis le fichier en quarantaine?
là je vois rien à part peut être ceci qui pourrait être suspect
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
à vérifier là http://www.virustotal.com/xhtml/index_en.html ou là https://virusscan.jotti.org/ fichier par fichier Parcourir puis SEND ou SUBMIT lance ce multiple scanneur antivirus)
a+
ton antivrus a mis le fichier en quarantaine?
là je vois rien à part peut être ceci qui pourrait être suspect
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
à vérifier là http://www.virustotal.com/xhtml/index_en.html ou là https://virusscan.jotti.org/ fichier par fichier Parcourir puis SEND ou SUBMIT lance ce multiple scanneur antivirus)
a+
Après avoir effectué la phase préliminaire il me restait 4 virus détectés par Securitoo, j’ai effectué la procédure que tu m’as envoyée (Smithfraudfix).
Voila les 2 rapports Smith et les logs Highjack.
Merci
JJ
Rapport smith 1
SmitFraudFix v2.45
Rapport fait à 17:54:37,34, 20/05/2006
Executé à partir de C:\panne200506\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yvonne\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yvonne\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Rapport smith 2
SmitFraudFix v2.45
Rapport fait à 18:01:28,07, 20/05/2006
Executé à partir de C:\panne200506\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logs highjack
Logfile of HijackThis v1.99.1
Scan saved at 18:08:49, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\panne200506\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\Photos de Famille\PdfDrv\Install\PDFSaver.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFA62BA-875E-490D-AA15-032A54C635CA}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Merci