Virus détecté "infostealer.bancos"

Bonjour,

En fait jeai le mm prob qu'Isa. Infostealer virus.
Jai fait komm ta demander et copier le log file comme suit.
Merci de b1 vouloir te donner 7 pein.
Kissou

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:48 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\WINNT\System32\drivers\appnnode.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\CAPRPCSK.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPPSWK.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CAPON] C:\WINNT\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPPSWK.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {093501CE-D290-11D3-A3D6-00C04FA32518} - http://pgtseu11.poceur1/pub/jinit.exe
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Premiershipping.dj
O17 - HKLM\Software\..\Telephony: DomainName = Premiershipping.dj
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A075262-95FB-4CAC-B180-95F9D0109C6A}: NameServer = 216.245.108.66,193.251.143.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Premiershipping.dj
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = premiershipping.dj
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A075262-95FB-4CAC-B180-95F9D0109C6A}: NameServer = 216.245.108.66,193.251.143.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = premiershipping.dj
O23 - Service: AppnNode - Unknown owner - C:\WINNT\System32\drivers\appnnode.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: Quest Resource Updating Agent (Vmover.exe) - Quest Software - C:\WINNT\System32\Vmover.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

Bjr Regis,
je reviens à la charge avec ce que tu m'as demandé... J'y ai presque passé la nuit (je n'ai presque plus de cheveux sur la tête à cause des démarrages sans echec que j'ai souvent du relancer faute de dextérité... Bref!).
A priori pas de pb au démarrage de mon ordinateur ce matin.
Merci infiniment!

Ci-dessous les retours demandés :
1/ "Rend toi ici:
demarer < poste de travail < c < windows < systeme32 < drivers < etc, ouvre host avec le bloc note"
MA REPONSE => LE FICHIER BLOC NOTE DE ‘hosts’ EST VIDE

2/ "Lancer et exécuter Ewido pour un scan complet et enregistre le afide pouvoir me copier/coller le rapport sur le forum"
---------------------------------------------------------
MA REPONSE=>ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 01:01:40 25/08/2006
+ Scan result:



C:\Program Files\Media Access -> Adware.MediaAccess : No action taken.
C:\Program Files\Media Access\MediaAccess.exe -> Adware.MediaAccess : No action taken.
C:\Documents and Settings\Da cunt\Local Settings\Temp\nsp2.tmp\remover.dll -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Da cunt\mt-uninstaller.exe -> Adware.PurityScan : No action taken.
C:\WINNT\system32\mt-uninstaller.exe -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Da cunt\Local Settings\Temp\ICD1.tmp\MediaAccX.dll -> Adware.WinAD : No action taken.
C:\Documents and Settings\Da cunt\Local Settings\Temporary Internet Files\Content.IE5\KLO1AFOX\MediaAccess[1].exe -> Adware.WinAD : No action taken.
C:\Documents and Settings\Da cunt\Local Settings\Temporary Internet Files\Content.IE5\Y9WF69M5\bridge-c5[1].cab/MediaAccX.dll -> Adware.WinAD : No action taken.
C:\WINNT\system32\syshost.exe -> Backdoor.Delf.abc : No action taken.
C:\Recycled\Dc146.exe -> Dropper.Agent.mm : No action taken.
C:\WINNT\system32\qxozz.exe -> Dropper.Agent.mm : No action taken.
C:\Documents and Settings\Da cunt\Local Settings\Temp\installer.exe -> Dropper.PurityScan.q : No action taken.
C:\WINNT\Temp\installer.exe -> Dropper.PurityScan.q : No action taken.
C:\Recycled\Dc133.4(KeyLoggerAndMore)_SerialByDeeOhGee\SpyAnyTime PC Spy v2.4 + Serial By DeeOhGee\sapcspy.exe -> Logger.SpyAnyTime.b : No action taken.
C:\Recycled\Dc134.zip/SpyAnyTime PC Spy v2.4 + Serial By DeeOhGee/sapcspy.exe -> Logger.SpyAnyTime.b : No action taken.
C:\Recycled\Dc148.exe -> Logger.SpyAnyTime.d : No action taken.
C:\WINNT\system32\KEYBHOOK.DLL -> Not-A-Virus.Monitor.Win32.Hooker.d : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@247realmedia[3].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@247realmedia[4].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.89:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@112.2o7[3].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@2o7[3].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@advertising[4].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.25:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.80:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@bluestreak[3].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@bluestreak[5].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@iv2.bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.74:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.75:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.76:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@com[2].txt -> TrackingCookie.Com : No action taken.
:mozilla.69:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.70:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.71:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : No action taken.
:mozilla.62:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.46:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@estat[2].txt -> TrackingCookie.Estat : No action taken.
:mozilla.22:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.23:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.24:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.26:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.27:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@media.fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@ehg-foxmovies.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@ehg-interlifeform.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@hitbox[4].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.77:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@pro-market[2].txt -> TrackingCookie.Pro-market : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@web4.realtracker[1].txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.81:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.82:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.83:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.84:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@serving-sys[4].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.59:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.60:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.61:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@www.smartadserver[3].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@www.smartadserver[5].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@starware[2].txt -> TrackingCookie.Starware : No action taken.
:mozilla.47:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tacoda[3].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.56:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tradedoubler[4].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@tribalfusion[4].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.57:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.58:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@weborama[4].txt -> TrackingCookie.Weborama : No action taken.
:mozilla.8:C:\Documents and Settings\Da cunt\Application Data\Mozilla\Firefox\Profiles\um6piqig.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@statse.webtrendslive[4].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Da cunt\Cookies\da cunt@zedo[3].txt -> TrackingCookie.Zedo : No action taken.


::Report end

3/ "Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum. Ajoute le rapport de ewido, ainsi que le fichier word"
MA REPONSE=>

Logfile of HijackThis v1.99.1
Scan saved at 12:09:15, on 25/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Da cunt\Bureau\EDWIDO\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Documents and Settings\Da cunt\Bureau\EDWIDO\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Download\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Da cunt\Bureau\EDWIDO\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Da cunt\Bureau\EDWIDO\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Bonjour Régis, je rencontre le meme problème qu'isa càd que je suis infecté par le virus infostealer.bancos et je voulais savoir si je dois effectuer les memes manipulations pour me permettre de la supprimer de mon ordi ??
J'attend ta réponse, merci d'avance !!!

Re bonjour, merci pour ton aide, voici le bloc note :

Banker/Banload-Fix 1.0

Fix exécuté le 16/02/2007 - 21:57:06,86
mode normal

************************ Recherche les fichiers

C:\WINDOWS\system32\icpldrvx.exe Présent !!!
C:\WINDOWS\system32\service\navupdt2.exe Absent
C:\WINDOWS\system32\service\services.exe Absent
C:\WINDOWS\system32\icpldrvx.js Absent
C:\WINDOWS\rqqsnd.exe Absent
C:\WINDOWS\system32\dllvirtual.exe Absent
C:\WINDOWS\system32\dllvirtual.dll Absent
C:\WINDOWS\system32\dllvirtual.js Absent

************************ Recherche les dossiers

C:\WINDOWS\system32\service Absent




------------------------------------------------------------------------
Auteur: Regis59 Contact: http://ww25.lyonnais92.aceboard.com/
------------------------------------------------------------------------

--------------------------------------------- FIN ---------------------------------------------

Salut,

qd je démarre en mode sans echec, je ne retrouve pas le fichier Banker_BanloadFix.bat préalablement enregistré sur le bureau snif, HELP

merci beaucoup

jerem

Salut,

voici le rapport en mode sans échec :

Banker/Banload-Fix 1.0

Fix exécuté le 17/02/2007 - 18:53:45,07
mode sans échec

************************ Recherche les fichiers

C:\WINDOWS\system32\icpldrvx.exe Présent !!!
C:\WINDOWS\system32\service\navupdt2.exe Absent
C:\WINDOWS\system32\service\services.exe Absent
C:\WINDOWS\system32\icpldrvx.js Absent
C:\WINDOWS\rqqsnd.exe Absent
C:\WINDOWS\system32\dllvirtual.exe Absent
C:\WINDOWS\system32\dllvirtual.dll Absent
C:\WINDOWS\system32\dllvirtual.js Absent

************************ Recherche les dossiers

C:\WINDOWS\system32\service Absent




------------------------------------------------------------------------
Auteur: Regis59 Contact: http://ww25.lyonnais92.aceboard.com/
------------------------------------------------------------------------


Merci A+

Salut Regis59,

J'ai donc fait N et...
Banker/Banload-Fix 1.0

Fix exécuté le 19/02/2007 - 18:03:59,47
mode sans échec

************************ Recherche les fichiers

C:\WINDOWS\system32\icpldrvx.exe Absent
C:\WINDOWS\system32\service\navupdt2.exe Absent
C:\WINDOWS\system32\service\services.exe Absent
C:\WINDOWS\system32\icpldrvx.js Absent
C:\WINDOWS\rqqsnd.exe Absent
C:\WINDOWS\system32\dllvirtual.exe Absent
C:\WINDOWS\system32\dllvirtual.dll Absent
C:\WINDOWS\system32\dllvirtual.js Absent

************************ Recherche les dossiers

C:\WINDOWS\system32\service Absent

Dois-je en conclure que le virus est détruit? Plus d'alerte de Norton. Dois je conserver les fichier créé sur le bureau par Banker/Banload-Fix 1.0 (fichier, net, rapport...)?

Merci pour ton aide, c'est genial de trouver des gens comme toi sur le net!

A +