Svp, aidez moi, j'ai un virus, je sais pas...
nothing
Messages postés
17
Statut
Membre
-
bernie61 -
bernie61 -
Bonsoir, je crois, même je suis sûr que j'ai un virus, j'étais sur msn tranquillement ou tout d'un coup une petite fenetre en bas s'ouvre en me disant que j'ai un virus le tout en anglais. Ca me marque "your computer is infected....critical system error !......" et un petit icone s'est glissé dans ma barre du menu démarrer à droite, c'est un fauteil roulant vert, et un rond barré rouge, l'image change toutes les secondes à peu pret.
Et ma page de démarrage a changer, et impossible de remettre l'anciennce, j'ai celle ci : http://www.securityuptodate.net/
J'ai passé norton, ad aware, spybot mais toujours le problème.
Voici mon rapport HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 02:03:52, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
F:\MAX\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F40FBD-BEE7-43D4-952A-EF39100E1CA0}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Un énorme merci à ceux qui pourront m'aider.
Et ma page de démarrage a changer, et impossible de remettre l'anciennce, j'ai celle ci : http://www.securityuptodate.net/
J'ai passé norton, ad aware, spybot mais toujours le problème.
Voici mon rapport HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 02:03:52, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
F:\MAX\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F40FBD-BEE7-43D4-952A-EF39100E1CA0}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Un énorme merci à ceux qui pourront m'aider.
A voir également:
- Svp, aidez moi, j'ai un virus, je sais pas...
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
- Ordinateur bloqué virus - Accueil - Arnaque
10 réponses
hello
installes et passe ces pgm et copie/colle les rapport ci dessous:
1. Installe ce nettoyeur CCLEANER https://www.ccleaner.com/ ou lien direct là http://www.filehippo.com/download_ccleaner.html (la flèche)
Tutorial là https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
2. Ewido http://users.skynet.be/BernieClub/index.html#antitrojan
3. scan BitDefender en ligne : https://www.bitdefender.com/toolbox/
4. scan Kaspersky en ligne : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
5. SmitfrauFix http://users.skynet.be/BernieClub/txt2.html#frau
6. un hijackthis http://users.skynet.be/BernieClub/index.html#hijackPROC
7. un autre navigateur comme Firefox http://www.mozilla-europe.org/fr/products/firefox/
bon boulot a+
installes et passe ces pgm et copie/colle les rapport ci dessous:
1. Installe ce nettoyeur CCLEANER https://www.ccleaner.com/ ou lien direct là http://www.filehippo.com/download_ccleaner.html (la flèche)
Tutorial là https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
2. Ewido http://users.skynet.be/BernieClub/index.html#antitrojan
3. scan BitDefender en ligne : https://www.bitdefender.com/toolbox/
4. scan Kaspersky en ligne : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
5. SmitfrauFix http://users.skynet.be/BernieClub/txt2.html#frau
6. un hijackthis http://users.skynet.be/BernieClub/index.html#hijackPROC
7. un autre navigateur comme Firefox http://www.mozilla-europe.org/fr/products/firefox/
bon boulot a+
Merci, mais je crains avoir encore ce virus.
Voici le rapport Bitdefender :
BitDefender Online Scanner
Scan report generated at: Sun, Jun 04, 2006 - 14:11:10
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;
Statistics
Time
01:00:08
Files
237325
Folders
4748
Boot Sectors
6
Archives
3250
Packed Files
19509
Results
Identified Viruses
6
Infected Files
10
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
16
Engines Info
Virus Definitions
386444
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
40
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4ACB6900.htm=>(Quarantine-2)
Infected with: Exploit.HelpXSite.Gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4ACB6900.htm=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4ACB6900.htm=>(Quarantine-2)
Deleted
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D144C37.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D144C37.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D144C37.exe=>(Quarantine-2)
Deleted
C:\RECYCLER\NPROTECT\00034880.htm=>(Quarantine-2)
Infected with: Exploit.HelpXSite.Gen
C:\RECYCLER\NPROTECT\00034880.htm=>(Quarantine-2)
Disinfection failed
C:\RECYCLER\NPROTECT\00034880.htm=>(Quarantine-2)
Deleted
C:\RECYCLER\NPROTECT\00034881.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\RECYCLER\NPROTECT\00034881.exe=>(Quarantine-2)
Disinfection failed
C:\RECYCLER\NPROTECT\00034881.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044417.dll
Infected with: Trojan.Fakealert.CE
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044417.dll
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044417.dll
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044441.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044441.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044441.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Infected with: Trojan.Downloader.Small.MM
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)
Updated
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)
Update failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040726.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040726.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040726.exe=>(Quarantine-2)
Deleted
C:\WINDOWS\system32\1024\ld18C1.tmp
Infected with: Dropped:Trojan.Fakealert.CE
C:\WINDOWS\system32\1024\ld18C1.tmp
Disinfection failed
C:\WINDOWS\system32\1024\ld18C1.tmp
Deleted
C:\WINDOWS\system32\regperf.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\WINDOWS\system32\regperf.exe
Disinfection failed
C:\WINDOWS\system32\regperf.exe
Deleted
Et le rapport HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 14:12:07, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\MAX\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F40FBD-BEE7-43D4-952A-EF39100E1CA0}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Voilà.
Voici le rapport Bitdefender :
BitDefender Online Scanner
Scan report generated at: Sun, Jun 04, 2006 - 14:11:10
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;
Statistics
Time
01:00:08
Files
237325
Folders
4748
Boot Sectors
6
Archives
3250
Packed Files
19509
Results
Identified Viruses
6
Infected Files
10
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
16
Engines Info
Virus Definitions
386444
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
40
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4ACB6900.htm=>(Quarantine-2)
Infected with: Exploit.HelpXSite.Gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4ACB6900.htm=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4ACB6900.htm=>(Quarantine-2)
Deleted
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D144C37.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D144C37.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D144C37.exe=>(Quarantine-2)
Deleted
C:\RECYCLER\NPROTECT\00034880.htm=>(Quarantine-2)
Infected with: Exploit.HelpXSite.Gen
C:\RECYCLER\NPROTECT\00034880.htm=>(Quarantine-2)
Disinfection failed
C:\RECYCLER\NPROTECT\00034880.htm=>(Quarantine-2)
Deleted
C:\RECYCLER\NPROTECT\00034881.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\RECYCLER\NPROTECT\00034881.exe=>(Quarantine-2)
Disinfection failed
C:\RECYCLER\NPROTECT\00034881.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044417.dll
Infected with: Trojan.Fakealert.CE
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044417.dll
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044417.dll
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044441.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044441.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044441.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Infected with: Trojan.Downloader.Small.MM
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Deleted
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)=>(ZIP Sfx o)
Updated
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe=>(Quarantine-2)
Update failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040726.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ON
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040726.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040726.exe=>(Quarantine-2)
Deleted
C:\WINDOWS\system32\1024\ld18C1.tmp
Infected with: Dropped:Trojan.Fakealert.CE
C:\WINDOWS\system32\1024\ld18C1.tmp
Disinfection failed
C:\WINDOWS\system32\1024\ld18C1.tmp
Deleted
C:\WINDOWS\system32\regperf.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\WINDOWS\system32\regperf.exe
Disinfection failed
C:\WINDOWS\system32\regperf.exe
Deleted
Et le rapport HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 14:12:07, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\MAX\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F40FBD-BEE7-43D4-952A-EF39100E1CA0}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Voilà.
Sunday, June 04, 2006 7:42:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 4/06/2006
Kaspersky Anti-Virus database records: 186545
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 60888
Number of viruses found 3
Number of infected objects 26
Number of suspicious objects 0
Duration of the scan process 00:46:28
Infected Object Name Virus Name Last Action
C:\RECYCLER\NPROTECT\00033583.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\RECYCLER\NPROTECT\00034889.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe CryptFF: infected - 3 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe/run.exe Infected: Trojan-Downloader.Win32.Small.ckj skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040727.dll Infected: Trojan-Downloader.Win32.Zlob.lt skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040728.dll Infected: Trojan-Downloader.Win32.Zlob.lt skipped
F:\RECYCLER\NPROTECT\00000374.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000374.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000374.exe NSIS: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000374.exe UPX: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000374.exe PE_Patch.UPX: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000377.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000377.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000377.exe NSIS: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000377.exe UPX: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000377.exe PE_Patch.UPX: infected - 2 skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe ZIP: infected - 3 skipped
Scan process completed.
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 4/06/2006
Kaspersky Anti-Virus database records: 186545
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 60888
Number of viruses found 3
Number of infected objects 26
Number of suspicious objects 0
Duration of the scan process 00:46:28
Infected Object Name Virus Name Last Action
C:\RECYCLER\NPROTECT\00033583.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\RECYCLER\NPROTECT\00034889.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP107\A0044445.exe CryptFF: infected - 3 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe/run.exe Infected: Trojan-Downloader.Win32.Small.ckj skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040724.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040727.dll Infected: Trojan-Downloader.Win32.Zlob.lt skipped
C:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP90\A0040728.dll Infected: Trojan-Downloader.Win32.Zlob.lt skipped
F:\RECYCLER\NPROTECT\00000374.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000374.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000374.exe NSIS: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000374.exe UPX: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000374.exe PE_Patch.UPX: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000377.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000377.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\RECYCLER\NPROTECT\00000377.exe NSIS: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000377.exe UPX: infected - 2 skipped
F:\RECYCLER\NPROTECT\00000377.exe PE_Patch.UPX: infected - 2 skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.qz skipped
F:\System Volume Information\_restore{A13F9970-710E-45D9-A81E-01224A79A73F}\RP106\A0044412.exe ZIP: infected - 3 skipped
Scan process completed.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Et l'autre rapport :
SmitFraudFix v2.53
Rapport fait à 19:53:08,76, 04/06/2006
Executé à partir de F:\MAX\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAX\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAX\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.53
Rapport fait à 19:53:08,76, 04/06/2006
Executé à partir de F:\MAX\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAX\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAX\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
re
ok courage... smitfrau maintenant
option 1 en mode normal
puis option 2 en mode sans échec
colles LES 2 rapports
a+
ok courage... smitfrau maintenant
option 1 en mode normal
puis option 2 en mode sans échec
colles LES 2 rapports
a+
SmitFraudFix v2.53
Rapport fait à 19:57:40,01, 04/06/2006
Executé à partir de F:\MAX\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\dcomcfg.exe supprimé
C:\WINDOWS\system32\hp???.tmp supprimé
C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\simpole.tlb supprimé
C:\WINDOWS\system32\stdole3.tlb supprimé
C:\WINDOWS\system32\1024\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Et un ENORME MERCI à toi bernie61, je peux maintenant changer ma page de démarrage ;-)
Rapport fait à 19:57:40,01, 04/06/2006
Executé à partir de F:\MAX\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\dcomcfg.exe supprimé
C:\WINDOWS\system32\hp???.tmp supprimé
C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\simpole.tlb supprimé
C:\WINDOWS\system32\stdole3.tlb supprimé
C:\WINDOWS\system32\1024\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Et un ENORME MERCI à toi bernie61, je peux maintenant changer ma page de démarrage ;-)
Logfile of HijackThis v1.99.1
Scan saved at 20:39:39, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\MAX\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F40FBD-BEE7-43D4-952A-EF39100E1CA0}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Scan saved at 20:39:39, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\MAX\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F40FBD-BEE7-43D4-952A-EF39100E1CA0}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
re
Relances Hijackthis et coche (puis FIX)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
voilà je crois que c'est tout bon
tu peux désactiver la restauration, redémarrer, réactiver la restauration et créer un nouveau point de restauration
http://www.libellules.ch/desactiver_restauration.php
a+ et bon surf
Relances Hijackthis et coche (puis FIX)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
voilà je crois que c'est tout bon
tu peux désactiver la restauration, redémarrer, réactiver la restauration et créer un nouveau point de restauration
http://www.libellules.ch/desactiver_restauration.php
a+ et bon surf
