Ewido / BitDefender / HijackThis reports

Closed
danslamouise - 26 Jul 2006 at 22:13
Anonymous user - 27 Jul 2006 at 13:39
Hi everyone,

First of all, thanks to everyone who contributes to the site and takes a bit of time to help those who are struggling a bit...
Here is my little problem: I have a pop-up that appears at the bottom of my screen, something like "virus alert, computer infected" and so on.
So I followed the procedure
"Preliminary disinfection method" that I found on the site, to get rid of any parasites, and I generated the log files.

So here are the 3 logs.

A huge thank you to whoever can help me.

Good evening to all,

Pierre

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:41:37 26/07/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ee2975b6-e8d5-405e-8448-8fe9590f6cfb} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\moi\Mes documents\Amaury Squattage\Mes documents\Mes fichiers reçus\Messenger Plus! - Setup.exe/70000011.exe -> Downloader.Swizzor.af : Cleaned with backup (quarantined).
C:\Documents and Settings\moi\Local Settings\Temp\tmp21D.tmp -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.
C:\WINDOWS\system32\__delete_on_reboot__m_z_o_e_u_t_._d_l_l_ -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.
[1832] C:\WINDOWS\system32\mzoeut.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.
:mozilla.23:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\moi\Cookies\moi@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.45:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\moi\Cookies\moi@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-1606980848-162531612-725345543-1003\Dc61.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.18:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.6:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.37:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.38:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.39:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.40:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.41:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.44:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.46:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.20:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.21:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.22:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\moi\Cookies\moi@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\S-1-5-21-1606980848-162531612-725345543-1003\Dc66.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.16:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.17:C:\Documents and Settings\moi\Application Data\Mozilla\Firefox\Profiles\m12ket6h.Amaury\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\moi\Cookies\moi@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.


::Report end

BitDefender Online Scanner - Real Time Virus Report

Generated at: Wed, Jul 26, 2006 - 20:07:59

--------------------------------------------------------------------------------

Scan Info

Scanned Files     412866
Infected Files    92

Virus Detected

Exploit.Html.MhtRedir.Gen     1
Trojan.Downloader.Delf.KS     4
Exploit.Win32.WMF-PFV         1
Win32.Bagle.Z@mm              6
Trojan.Flooder.Vb.X           1
Win32.Netsky.Y@mm             1
Win32.Netsky.D@mm             51
Win32.Netsky.AC@mm            18
Trojan.FakeAlert.CO           2
Win32.Plexus.B@mm             1
Win32.Netsky.P@mm             3
Win32.Bagle.AA@mm             1
Win32.Mydoom.M@mm             1
Win32.Bagle.Bd@mm.Dam.1       1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world

Logfile of HijackThis v1.99.1
Scan saved at 20:58:02, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Documents and Settings\moi\Mes documents\NetWatcherPro(pour controler les gens sur son partage)\NetWatcherPro.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://cache.rez-gif.supelec.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .rez-gif.supelec.fr;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\WDM\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NetWatcherPro] C:\Documents and Settings\moi\Mes documents\NetWatcherPro(pour controler les gens sur son partage)\NetWatcherPro.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Efface Historique 2.0] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
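As an added example (not part of the original thread or of any of the tools named in it), here is a small triage script that reads a HijackThis log together with an ewido report and flags the entries a helper would look at first: dangling references ("(file missing)" / "(no file)") and CLSIDs that ewido quarantined but that still appear as registry hooks in the HJT log, such as the O21 SSODL entry above. The sample input is a handful of lines copied from the logs in this post, not the complete logs; the section tags, markers and output format follow HijackThis's own log conventions as shown on this page.

```python
import re

# Constructed sample: lines copied from the HijackThis log and ewido report above (not complete).
HJT_SAMPLE = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
"""
EWIDO_SAMPLE = r"""
HKLM\SOFTWARE\Classes\CLSID\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ee2975b6-e8d5-405e-8448-8fe9590f6cfb} -> Adware.Generic : Cleaned with backup (quarantined).
[1832] C:\WINDOWS\system32\mzoeut.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")  # e.g. "O21 - SSODL: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                 # {8-4-4-4-12} GUID
DANGLING = ("(file missing)", "(no file)")                      # HJT's own markers

def parse_hjt(text):
    """Split a HijackThis log into entries: section tag, body, CLSIDs, dangling flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:  # process list, headers, blank lines
            continue
        body = m.group("body")
        entries.append({"section": m.group("sec"), "body": body,
                        "clsids": {c.lower() for c in CLSID_RE.findall(body)},
                        "dangling": body.endswith(DANGLING)})
    return entries

def ewido_clsids(text):
    """CLSIDs of registry keys that ewido reported as cleaned (lower-cased)."""
    return {c.lower() for line in text.splitlines()
            if "Cleaned" in line for c in CLSID_RE.findall(line)}

def triage(hjt_text, ewido_text):
    """(section, body, reasons) for entries worth a second look: dangling references,
    and CLSIDs ewido quarantined but HJT still lists (a hook that survived cleanup).
    A hit is a prompt to look, not a verdict: O9 bdoscandel.exe is a benign leftover."""
    cleaned = ewido_clsids(ewido_text)
    findings = []
    for e in parse_hjt(hjt_text):
        reasons = []
        if e["dangling"]:
            reasons.append("dangling reference")
        if e["clsids"] & cleaned:
            reasons.append("CLSID quarantined by ewido")
        if reasons:
            findings.append((e["section"], e["body"], reasons))
    return findings
```

Calling triage(HJT_SAMPLE, EWIDO_SAMPLE) flags the O3, O9 and O21 entries; only O21 carries both reasons, which is why it is the one to clean by hand after ewido has run.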

3 replies

Anonymous user
27 Jul 2006 at 10:54
Hello!

The reports you generated are very useful and we will be able to move straight on to disinfection, but first you should disable Norton, which is ineffective, and install a good firewall.

Here are a few links: security: protecting a computer against malware from the internet

Now, run another scan with Ewido and click "delete all".

Install SmitfraudFix (updated regularly): http://siri.urz.free.fr/Fix/ScreenShot.php (Thanks Régis59!)

Redo the disinfection method and paste the 3 reports so that absolutely nothing remains.

Get to work, and see you later.

Have a good day!



Thank you very much, I'm getting to work right now!

Bye,

Pierre
Regis59
27 Jul 2006 at 11:44
Hi,

A small addition that will let me follow the conversation:

The download link for SmitfraudFix is this one:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Choose option 1 and copy-paste the report to the forum.

See you
;-)
Anonymous user
27 Jul 2006 at 13:39
Here is a link that will help you understand an HJT log:
http://entraide.aceboard.fr/
Don't forget to register, and we will be there to help everyone, including beginners (like me).

Above all, follow the lessons carefully and off you go!

That said, you can have complete confidence in Régis!