[Dialer] Unwanted program
Closed
Altäriel (Member; 43 posts; joined Monday 17 July 2006; last active 26 October 2006) - 24 August 2006 at 10:24
Kristopher (Contributor; 3731 posts; joined Friday 18 November 2005; last active 10 July 2009) - 18 Oct. 2006 at 19:30
20 replies
Kristopher (Contributor; 3731 posts; joined Friday 18 November 2005; last active 10 July 2009)
105
24 August 2006 at 13:33
Hello
1/ If you don't have one, you absolutely need to download a firewall.
For example, Sunbelt Kerio Personal Firewall: https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
Tutorial here: https://forums.cnetfrance.fr
2/ Download CCLEANER and clean your PC with it:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Usage: In the "Nettoyeur" (Cleaner) tab, click "Analyse" (Analyze). Once the analysis has finished, click "Lancer le Nettoyage" (Run Cleaner).
Then, in the "Erreurs" (Issues) tab, click "Chercher des erreurs" (Scan for issues) and then, before clicking "Réparer les erreurs sélectionnées" (Fix selected issues), make a backup of your registry (as offered).
3/ Launch Ewido and update the software (click "Start update").
Run a full scan of the PC (choose "Complete System Scan").
Copy/paste the report.
4/ Scan your PC with this online antivirus:
https://www.bitdefender.com/toolbox/
Click "I Agree" and scan the whole PC.
Remember to accept the ActiveX control blocked by the SP2 anti-popup bar (it will flash at the top).
Copy/paste the report to the forum.
5/ Post a new HijackThis log.
Hang in there, Kristopher
Altäriel (Member; 43 posts; joined Monday 17 July 2006; last active 26 October 2006) - 24 August 2006 at 18:06
Hi again, here are the reports:
Ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 16:56:36 24/08/2006
+ Scan result:
HKU\S-1-5-21-1708537768-1644491937-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1644491937-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\aѕsembly\wυauboot.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mmc.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[2424] C:\Program Files\aѕsembly\wυauboot.exe -> Adware.PurityScan : Error during cleaning.
:mozilla.12:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.13:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.11:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\your user name\Cookies\your user name@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
*****
BitDefender:
Statistics
Time: 00:58:39
Files: 296129
Folders: 3962
Boot Sectors: 2
Archives: 1851
Packed Files: 43388
Results
Identified Viruses: 21
Infected Files: 66
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 64
Engines Info
Virus Definitions: 450539
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
******
And HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:03:21, on 24/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\??mbols\?hkdsk.exe
C:\WINDOWS\TEMP\win6267.tmp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\your user name\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
Ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 16:56:36 24/08/2006
+ Scan result:
HKU\S-1-5-21-1708537768-1644491937-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1644491937-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\aѕsembly\wυauboot.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mmc.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[2424] C:\Program Files\aѕsembly\wυauboot.exe -> Adware.PurityScan : Error during cleaning.
:mozilla.12:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.13:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.11:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\your user name\Cookies\your user name@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
*****
BitDefender:
Statistics
Time: 00:58:39
Files: 296129
Folders: 3962
Boot Sectors: 2
Archives: 1851
Packed Files: 43388
Results
Identified Viruses: 21
Infected Files: 66
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 64
Engines Info
Virus Definitions: 450539
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
******
And HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:03:21, on 24/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\??mbols\?hkdsk.exe
C:\WINDOWS\TEMP\win6267.tmp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\your user name\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - HKCU\..\Run: [Uhepsde] C:\WINDOWS\system32\??mbols\?hkdsk.exe
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
There you go; as for the firewall, I'm installing it right now.
Your diagnosis, doctor? :s
Thanks for your help
See you
Kristopher
24 August 2006 at 20:10
Hi there
Unfortunately, the preliminary disinfection did not work as planned because of your lack of attention.
I gave you steps in a specific order that should have been followed, yet you skipped steps 1/ and 2/.
If you want your PC disinfected, you have to do what I write, in the order I write it!
Redo the procedure from the beginning, properly.
Go on, good luck ;)
See you
Altäriel
24 August 2006 at 20:24
Argh, I'm really sorry :s, I'll go get myself flogged as punishment.
More seriously, I did indeed do step 1 last, but I really had run a cleanup with CCleaner.
Anyway, I'm getting back to it right away, sorry again.
See you
Kristopher
24 August 2006 at 20:30
Hehe, no problem ;)
If you have questions, don't hesitate, but don't second-guess the order of the steps to carry out, lol
We'll save time, and your PC should be cured sooner ;)
Have a good evening; we're waiting for all the reports.
Altäriel
24 August 2006 at 22:29
Hi again, before I redo the scans, I wanted to know how to configure Kerio effectively. I read the tutorial you linked, but when they say:
"If you are lost at this step, test the lines one by one and see what happens. If you can no longer connect, it means that this application needs to be able to access the internet."
It's not very obvious :)
Anyway, I don't know whether I'll have time to do the steps tonight, I'm going out.
Thanks for your help. See you
Kristopher
25 August 2006 at 20:28
Okay ;)
bye bye
Altäriel
26 August 2006 at 15:01
Hi :)
Sorry for not posting yesterday, but I had a long day at work and didn't feel like wrestling with my computer all evening.
Anyway, I'm getting on with it today.
See you in a bit :)
PS: as for step 2, do you want a CCleaner report? You didn't specify.
Altäriel
26 August 2006 at 16:49
Hi again,
this time I followed all your instructions to the letter; here are the reports:
***
Ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 15:46:27 26/08/2006
+ Scan result:
Nothing found.
::Report end
****
Bitdefender:
Statistics
Time: 00:55:23
Files: 295978
Folders: 3954
Boot Sectors: 2
Archives: 1856
Packed Files: 43384
Results
Identified Viruses: 1
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 8
Engines Info
Virus Definitions: 450834
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\Program Files\Norton AntiVirus\Quarantine\2D070BB4.exe=>(Quarantine-2) | Infected with: DeepScan:Generic.Malware.dld!!.88E7622E
C:\Program Files\Norton AntiVirus\Quarantine\2D070BB4.exe=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2D070BB4.exe=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\3F962D47.exe=>(Quarantine-2) | Infected with: DeepScan:Generic.Malware.dld!!.88E7622E
C:\Program Files\Norton AntiVirus\Quarantine\3F962D47.exe=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\3F962D47.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085039.exe=>(Quarantine-2) | Infected with: DeepScan:Generic.Malware.dld!!.88E7622E
C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085039.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085039.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085040.exe=>(Quarantine-2) | Infected with: DeepScan:Generic.Malware.dld!!.88E7622E
C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085040.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085040.exe=>(Quarantine-2) | Deleted
****
HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:48:02, on 26/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
C:\WINDOWS\system32\??mbols\?hkdsk.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\your user name\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
There you go, I'm waiting for your next instructions :)
See you
Kristopher
26 August 2006 at 18:57
Hi Altäriel,
Thanks for finally doing everything properly :)
As for the CCLEANER report: no need.
1/ Empty the Norton AntiVirus quarantine (if anything is left in it).
2/ Right-click "My Computer" -> "Properties" -> "System Restore" tab -> check "Turn off System Restore on all drives" -> "Apply" -> "Yes".
Then uncheck "Turn off System Restore on all drives" -> "Apply" -> "OK".
3/ Show all files and folders:
Click "Start" -> "Control Panel" -> "Tools" (at the very top) -> "Folder Options..." -> "View".
Check:
"Show hidden files and folders"
Uncheck the boxes:
"Hide protected operating system files (Recommended)"
"Hide extensions for known file types"
Click "Apply", then "OK"
4/ Go to http://www.virustotal.com/flash/index_en.html
Click "Browse..." and find the file in bold:
C:\WINDOWS\system32\??mbols\?hkdsk.exe
Wait for the rectangle (on the right) to turn green, then click "Send".
Once the scan is finished, copy/paste the report to the forum.
5/ Download LopXP:
http://pageperso.aol.fr/balltrap34/lopxp.zip (Thanks to Moe31 and Balltrap34).
Unzip it (right-click on it > Extract All) and run lopxp.bat
Copy/paste the report to the forum.
Hang in there, we're making good progress ;)
Altäriel
26 August 2006 at 20:20
Hi again, just one clarification: "Turn off System Restore on the drive" is named "Turn off System Restore"; is that the same thing? :)
And I don't have "Turn off System Restore on all drives"; is that because I only have one drive?
Thanks for your help, see you in a bit.
Altäriel
26 August 2006 at 20:36
There, I did everything as instructed (apart from the question I raised in my previous post :) ).
Here are the reports:
The one from VirusTotal:
Complete scanning result of "_hkdsk.exe", received in VirusTotal at 08.26.2006, 20:29:45 (CET).
Antivirus Version Update Result
AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
Symantec n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
****
And the one from LopXP:
Rapport fait à 20:33:47,32 le 26/08/2006
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 98A9-7CBA
Répertoire de C:\Documents and Settings\All Users\Application Data
17/07/2006 15:46 <REP> Spybot - Search & Destroy
15/07/2006 11:02 <REP> Windows Genuine Advantage
20/12/2005 19:11 <REP> Skype
21/08/2005 12:53 <REP> Symantec
26/07/2005 17:30 <REP> CyberLink
26/07/2005 17:18 <REP> Ahead
26/07/2005 11:22 62 desktop.ini
26/07/2005 11:22 <REP> Microsoft
26/07/2005 11:22 <REP> ..
26/07/2005 11:22 <REP> .
24/05/2003 21:30 <REP> nView_Profiles
1 fichier(s) 62 octets
10 Rép(s) 34155872256 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 98A9-7CBA
Répertoire de C:\Documents and Settings\Default User\Application Data
26/07/2005 11:22 62 desktop.ini
26/07/2005 11:22 <REP> ..
26/07/2005 11:22 <REP> Microsoft
26/07/2005 11:22 <REP> .
1 fichier(s) 62 octets
3 Rép(s) 34155872256 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 98A9-7CBA
Répertoire de C:\Documents and Settings\your user name\Application Data
15/07/2006 00:04 <REP> Lavasoft
02/06/2006 19:47 <REP> Xfire
13/04/2006 18:11 <REP> La Bataille pour la Terre du Milieu T II
02/11/2005 11:59 <REP> Help
01/09/2005 14:12 <REP> Ahead
23/08/2005 11:33 <REP> InterTrust
21/08/2005 12:54 <REP> Symantec
21/08/2005 12:36 <REP> Sun
06/08/2005 22:21 <REP> teamspeak2
01/08/2005 20:26 <REP> vlc
01/08/2005 19:28 <REP> CyberLink
31/07/2005 19:17 <REP> Adobe
29/07/2005 22:34 <REP> Macromedia
29/07/2005 17:20 <REP> .bittorrent
29/07/2005 11:20 <REP> Mozilla
28/07/2005 20:44 <REP> La Bataille pour la Terre du Milieu
28/07/2005 19:04 <REP> Ideazon
28/07/2005 14:37 <REP> Skype
26/07/2005 17:28 <REP> Creative
26/07/2005 10:39 <REP> Identities
26/07/2005 10:39 62 desktop.ini
26/07/2005 10:39 <REP> ..
26/07/2005 10:39 <REP> .
26/07/2005 10:39 <REP> Microsoft
1 fichier(s) 62 octets
23 Rép(s) 34155872256 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 98A9-7CBA
Répertoire de C:\WINDOWS\Tasks
21/08/2005 12:55 382 Symantec NetDetect.job
26/07/2005 10:35 6 SA.DAT
26/07/2005 10:30 65 desktop.ini
26/07/2005 10:30 <REP> ..
26/07/2005 10:30 <REP> .
3 fichier(s) 453 octets
2 Rép(s) 34 155 859 968 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport *****************
There you go, I'm waiting for the next round of hostilities ^_^.
See you in a bit.
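Added example, not part of the thread and not VirusTotal's own code: the report pasted above gives a file size of 0 bytes, and its MD5 and SHA1 are the digests of empty input, so the engine results describe an empty upload rather than the file on disk. This Python sketch parses that report layout and flags the case; the function names and the shortened sample report are constructed for illustration.

```python
import hashlib
import re

# Digests of zero-length input, computed here rather than hard-coded.
EMPTY_DIGESTS = {"md5": hashlib.md5(b"").hexdigest(),
                 "sha1": hashlib.sha1(b"").hexdigest()}

# Constructed sample: same layout as the report in the post, engine list shortened.
SAMPLE_REPORT = """\
Complete scanning result of "_hkdsk.exe", received in VirusTotal at 08.26.2006, 20:29:45 (CET).
Antivirus Version Update Result
AntiVir n - no virus found
BitDefender n - no virus found
eTrust-Vet n - no virus found
Symantec n - no virus found
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""


def local_digests(data):
    """Size and digests of bytes read from the file on disk."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def parse_report(text):
    """Parse the plain-text report layout shown in the thread into a dict."""
    report = {"file": None, "engines": {}, "size": None, "md5": None, "sha1": None}
    name = re.search(r'scanning result of "([^"]+)"', text)
    if name:
        report["file"] = name.group(1)
    in_engines = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Antivirus "):
            in_engines = True          # column header opens the engine table
            continue
        if re.match(r"ad+itional information", line, re.I):
            in_engines = False         # the report itself spells it "Aditional"
            continue
        if in_engines and " - " in line:
            left, _, verdict = line.partition(" - ")
            report["engines"][left.split()[0]] = verdict.strip()
            continue
        size = re.match(r"File size:\s*(\d+)\s*bytes", line, re.I)
        if size:
            report["size"] = int(size.group(1))
        digest = re.match(r"(MD5|SHA1):\s*([0-9a-fA-F]+)$", line)
        if digest:
            report[digest.group(1).lower()] = digest.group(2).lower()
    return report


def assess(report):
    """Return (verdict, details): 'inconclusive', 'detected' or 'clean'."""
    reasons = []
    if report["size"] == 0:
        reasons.append("submitted sample is 0 bytes")
    for algo, empty in EMPTY_DIGESTS.items():
        if report[algo] == empty:
            reasons.append(f"{algo.upper()} is the digest of empty input")
    if not report["engines"]:
        reasons.append("no engine results parsed")
    if reasons:
        # A clean engine list over an empty sample says nothing about the file.
        return "inconclusive", reasons
    hits = sorted(engine for engine, verdict in report["engines"].items()
                  if verdict.lower() != "no virus found")
    if hits:
        return "detected", hits
    return "clean", []


def matches_local(report, data):
    """True when the report's size and both digests match the local bytes."""
    mine = local_digests(data)
    return all(report[key] == mine[key] for key in ("size", "md5", "sha1"))


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(parsed["file"], assess(parsed))
```

Comparing `matches_local` against the bytes actually read from disk confirms that the scanned sample is the file that was meant to be submitted.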
Altäriel
27 August 2006 at 20:38
Hi :)
What should I do now? I did notice that the program no longer launches, but are the operations finished?
Thanks for your help,
See you
Kristopher
28 August 2006 at 19:59
Hi,
Are you sure you scanned the file "?hkdsk.exe"? Because in the report I read "_hkdsk.exe", with a "_" and not a "?" (and this is very important).
Also, I see that you are still infected; post a new HT log.
See you
Altäriel
30 August 2006 at 16:08
Hi, sorry for my absence.
As for the file "?hkdsk.exe", I think I did indeed scan "_hkdsk.exe" instead, for the simple reason that I could not find the file with the "?" at this path: C:\WINDOWS\system32\??mbols\?hkdsk.exe
(there is no "??mbols" folder, but there is a "symbols" folder)
Here is the HT log:
Logfile of HijackThis v1.99.1
Scan saved at 16:07:18, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\?ppPatch\??xplore.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\your user name\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - HKCU\..\Run: [Wekk] C:\WINDOWS\?ppPatch\??xplore.exe
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
Thanks :)
See you
Kristopher
1 Sept. 2006 at 12:23
Re ;)
1/ Run HT again and fix these lines:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - HKCU\..\Run: [Wekk] C:\WINDOWS\?ppPatch\??xplore.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
2/ - Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe
Disconnect from the internet.
Double-click killbox.exe (Pocket Killbox)
- Tick: "Delete on reboot"
- In "Full Path of File to Delete"
copy and paste this:
C:\WINDOWS\SYSTEM32\winjyp32.dll
- click the red cross
- a window will appear asking for confirmation: click "YES"
- a second window asks whether you want to restart: click "YES"
Let the PC restart.
If you get the following message: "pending file rename operations registry data has been removed by external process.", ignore it and restart your PC manually.
Screenshot: http://tinypic.com/images/goodbye.jpg
3/ Scan your PC with this online antivirus:
https://www.kaspersky.fr/downloads
- Choose "Kaspersky Online Scanner"
- Click "Accept" -> "Next" -> "My computer"
- Let the scan run and copy/paste the report here (if infected)
4/ Post a new HijackThis log.
Good luck, Kristopher
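A triage sketch for the kind of entries listed in the post above, added here as an example and not part of the original thread. It assumes that a "?" inside a logged path stands for a character the logging tool could not render (a "?" is not a legal character in a Windows file name), and it also flags path components that mix Latin letters with another script. The sample lines and the names `triage`, `check_path`, `scripts_in` and `UNICODE_PATH` are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample: HijackThis-style lines modelled on entries quoted in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wekk] C:\WINDOWS\?ppPatch\??xplore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed sample: a path as a Unicode-aware scanner would report it.
# \u0455 is CYRILLIC SMALL LETTER DZE, which looks like a Latin "s".
UNICODE_PATH = "C:\\Documents and Settings\\user\\Mes documents\\\u0455ecurity\\rundll.exe"

# A drive-rooted path ending in a common executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys)\b', re.IGNORECASE)


def scripts_in(component):
    """Return the scripts used by the letters of one path component.

    The script is taken as the first word of the Unicode character name,
    e.g. "LATIN" or "CYRILLIC".
    """
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in component
        if ch.isalpha()
    }


def check_path(path):
    """Return (component, reason) findings for one Windows path."""
    findings = []
    for comp in path.split("\\")[1:]:  # skip the drive letter
        if "?" in comp:
            # "?" cannot occur in a real file name, so the logger replaced something.
            findings.append((comp, "unrenderable character"))
            continue
        scripts = scripts_in(comp)
        if len(scripts) > 1:
            findings.append((comp, "mixed scripts: " + "+".join(sorted(scripts))))
    return findings


def triage(log_text):
    """Return (line number, component, reason) for every suspicious path in a log."""
    results = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = PATH_RE.search(line)
        if not match:
            continue  # lines without a full path are ignored
        for comp, reason in check_path(match.group(0)):
            results.append((lineno, comp, reason))
    return results


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    for finding in check_path(UNICODE_PATH):
        print(finding)
```

A flagged entry is a prompt to look at the real name on disk with a Unicode-aware tool, not a verdict on its own.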
Altäriel
2 Sept. 2006 at 21:48
Re, I did as you told me, and I get this:
Kaspersky report:
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 02, 2006 9:44:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/09/2006
Kaspersky Anti-Virus database records: 207479
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 60954
Number of viruses found 2
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:46:06
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\history.dat Object is locked skipped
C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\parent.lock Object is locked skipped
C:\Documents and Settings\your user name\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\your user name\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\your user name\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\your user name\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\your user name\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\Documents and Settings\your user name\Local Settings\Temporary Internet Files\Content.IE5\7GJ1JNEA\!update-4295[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\Documents and Settings\your user name\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\your user name\Mes documents\ѕecurity\rundll.exe Infected: Trojan-Downloader.Win32.PurityScan.dg skipped
C:\Documents and Settings\your user name\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\your user name\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3933.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.CDF Object is locked skipped
Scan process completed.
And the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:48:18, on 02/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\?ppPatch\??xplore.exe
C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
C:\Documents and Settings\your user name\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {DFB6AA6F-4DD7-1807-A2D9-6D1332AE6DE6} - C:\WINDOWS\system32\dqng.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DFB6AA6F-4DD7-1807-A2D9-6D1332AE6DE6} - C:\WINDOWS\system32\dqng.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
There you go, what should I do now?
Thanks, see you
PS: Classes start again on Monday, which means I will only be able to reply to your messages at the end of the week (I'm at boarding school :s).
There you go ^^
Kristopher
Posts
3731
Registration date
Friday 18 November 2005
Status
Contributor
Last activity
10 July 2009
105
5 Sept. 2006 at 21:06
Hi,
It's almost over... Well, that will depend on you, actually.
Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all open windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check "Run this program as a task"
* A message will appear, telling you this: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click [OK]
* It will relaunch after the 10 seconds, then click the "Scan for L2M" button; the icons on your Desktop will disappear: that's normal!
* When the scan finishes, click the "Remove L2M" button
* A "Done Scanning" message will appear, click [OK].
* A new message will appear: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer"; click [OK].
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt , along with a new HijackThis! report in your next reply.
#If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, reboot and try again.
##If you get a message from your firewall saying that the tool is trying to access the internet: allow it!
###If a runtime error '339' message appears: download MSWINSCK.OCX from the link below, and place it in the C:\Windows\System32 folder
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
See you
Altäriel
Posts
43
Registration date
Monday 17 July 2006
Status
Member
Last activity
26 October 2006
23 Sept. 2006 at 14:36
Hi,
I'm sorry I couldn't post before today, but going back to school was tough and I had very little time to spend on my computer :'( . Anyway, here I am again, and I hope you'll be willing to help me again after my absence.
Anyway, I did what you asked in your last message.
Here is the Look2Me-Destroyer report:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 23/09/2006 14:24:08
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
And the HiJackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 14:33:31, on 23/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
C:\WINDOWS\system32\?racle\w?aclt.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\your user name\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {DB8896D0-2139-75EC-1C75-57F00CBA3FE5} - C:\WINDOWS\system32\efwp.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DB8896D0-2139-75EC-1C75-57F00CBA3FE5} - C:\WINDOWS\system32\efwp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - HKCU\..\Run: [Rhhckzn] C:\WINDOWS\system32\?racle\w?aclt.exe
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
There you go :), thanks in advance, see you soon, Altä.
PS: I noticed that a folder named "security" had been created in the "Mes documents" folder; it contains a folder "ECURIT~1" and "rundll.exe".
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DB8896D0-2139-75EC-1C75-57F00CBA3FE5} - C:\WINDOWS\system32\efwp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - HKCU\..\Run: [Rhhckzn] C:\WINDOWS\system32\?racle\w?aclt.exe
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
There you go :), thanks in advance, see you soon, Altä.
PS: I noticed that a folder named "security" had been created in the "Mes documents" folder; it contains a folder "ECURIT~1" and "rundll.exe".
Kristopher
Posts
3731
Registration date
Friday 18 November 2005
Status
Contributor
Last activity
10 July 2009
105
18 Oct. 2006 at 19:30
Good evening,
Still having problems?