Virus, trojan winantivir,
Closed
shaymae
Hello,
My PC is infected and I can't manage to get rid of these viruses. I scanned with BitDefender online:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Sun, Sep 17, 2006 - 17:44:54
--------------------------------------------------------------------------------
Scan Info
Scanned Files    246944
Infected Files   51

Virus Detected
IRC-Worm.Randon.T                          1
Trojan.Downloader.Winfixer.O               10
Trojan.Irc.Flood.DV                        1
DeepScan:Generic.Malware.dld!!.8AE173EA    14
Trojan.QHosts.W                            1
Trojan.Dialer.FU                           1
Trojan.Downloader.Small.74                 1
Trojan.Flood.22016                         3
Generic.Qhost.37E0608F                     1
Application.HideWindow.B                   1
Backdoor.Mosucker.06.1                     1
Generic.Sdbot.A980B636                     1
Trojan.Downloader.Adload.BK                13
Backdoor.IRC.F                             1
Backdoor.Rbot.EZT                          1
Thank you for helping me.
3 replies
Hello shaymae,
Download and install Ewido if you don't already have it:
http://perso.orange.fr/entraide-hijackthis/Ewido/
1) Click "update" and install the updates,
then click "scanner" => "complete scan system" => "Deleted" for everything it finds. Save the report.
(Tutorial for Ewido version 4:
https://www.malekal.com/tutorial-et-guide-ewido-v4/)
2) Download HijackThis if you don't already have it:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Right-click the file => "exécute" (run) => "do a scan and save a logfile". Once it has finished you will have the "rapport.txt".
3) Post the 2 generated reports.
@++
**(Show me the direction and I will find the way on my own.)**
Good evening,
So I scanned with ewido and Hijack; here is what it gives:
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:34:08 17/09/2006
+ Scan result:
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001671.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001672.dll -> Adware.SearchBand : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001667.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001668.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001669.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001670.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brome.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\Documents and Settings\nordine\Local Settings\Temp\ICD1.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Documents and Settings\nordine\Local Settings\Temp\ICD2.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Documents and Settings\nordine\Local Settings\Temp\ICD3.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Documents and Settings\nordine\Local Settings\Temp\ICD5.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Documents and Settings\nordine\Local Settings\Temporary Internet Files\Content.IE5\4PIR0D6F\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Documents and Settings\nordine\Local Settings\Temp\_avast4_\unp20410935.tmp -> Not-A-Virus.PSWTool.Win32.Dialupass.f : Ignored.
C:\Documents and Settings\nordine\Local Settings\Temp\_avast4_\unp77637190.tmp -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Ignored.
C:\Documents and Settings\nordine\Cookies\nordine@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\nordine\Cookies\nordine@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\nordine\Cookies\nordine@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001661.EXE -> Trojan.Agent.za : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001662.EXE -> Trojan.Agent.za : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001663.exe -> Trojan.Agent.za : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001664.exe -> Trojan.Agent.za : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001665.exe -> Trojan.Agent.za : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001666.exe -> Trojan.Agent.za : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C99399C-5A75-4FB7-A4FE-D779B9C6E8B2}\RP7\A0001660.exe/demo.xt -> Trojan.Irc.flood.dv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\Hosts -> Trojan.Qhost.hl : Cleaned with backup (quarantined).
::Report end
==========================================
Logfile of HijackThis v1.99.1
Scan saved at 21:36:10, on 17/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\Updater.exe
C:\WINDOWS\smss.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {800BAD21-D982-4C37-E6EE-BDD433FE57B9} - C:\WINDOWS\Cqkdfefk.dll (file missing)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\qomjklm.dll
O2 - BHO: (no name) - {3B27223A-305B-4B22-8262-48FB2257C551} - (no file)
O2 - BHO: (no name) - {5086C05C-25E2-4E16-B839-747A26A8B7E2} - C:\WINDOWS\System32\ljhff.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {675A4869-5D66-46C1-BE4C-6C1964A00901} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A2D2C79-0367-484F-AAAA-5265F6BF612C} - (no file)
O2 - BHO: (no name) - {84FDF4D4-481B-725E-A597-D866CAD8B91C} - C:\WINDOWS\Cqkdfefk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A03233B8-8798-4282-8719-674B1144897E} - (no file)
O2 - BHO: (no name) - {C89E0A1D-1C71-4594-85C7-C0893F4418CF} - C:\WINDOWS\System32\byxyw.dll
O3 - Toolbar: Search - {30778372-3ED8-D3D6-C5CE-652A5B6E8C24} - C:\WINDOWS\Cqkdfefk.dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D11C2D3-BAA1-4C4C-962B-0B242AEF1AFC} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_f...
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/Bridge-c139.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0....
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/be/fr/importer/MypixUploader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://qassiminou.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/cab/fr/SysWebTelecomInt.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: byxyw - C:\WINDOWS\System32\byxyw.dll
O20 - Winlogon Notify: qomjklm - C:\WINDOWS\SYSTEM32\qomjklm.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE