HijackThis report

Closed
KYDO - 13 Oct. 2006 at 18:17
Séb08 Posts 16503 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 - 14 Oct. 2006 at 18:05
Hello,

I have the win32.myzor... virus on my machine. I followed the first steps of an answer on the forum. So here is the HijackThis report, then the ewido one, and finally the BitDefender one.

Thanks for your help


Logfile of HijackThis v1.99.1
Scan saved at 17:57:23, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\program files\verbatim store n go\verbatim store 'n' go.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eraser\eraser.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Samuel\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [verbati] c:\program files\verbatim store 'n' go\verbatim.exe sys_auto_run C:\Program Files\Verbatim Store 'n' Go
O4 - HKLM\..\Run: [Verbatim Store 'n' G] c:\program files\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Program Files\Verbatim Store N Go
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe /nogui
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: https://navypier.org/
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/NuePamelaVideo.exe
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - https://live365.com/
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4851/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12B56BEE-735B-40BB-B1AE-1BFD845AC0AC}: NameServer = 86.64.145.141 84.103.237.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{12B56BEE-735B-40BB-B1AE-1BFD845AC0AC}: NameServer = 86.64.145.141 84.103.237.141
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

----------------------------------------------------------------------

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:28:45 13/10/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : No action taken.
HKU\S-1-5-21-2787369945-1776269519-765011511-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : No action taken.
HKU\S-1-5-21-2787369945-1776269519-765011511-1006\Software\Internet Security -> Adware.IntCodec : No action taken.
C:\Documents and Settings\Samuel\Application Data\winantiviruspro2006freeinstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Samuel\Local Settings\Temp\laf10.tmp -> Not-A-Virus.Hoax.Win32.Renos.dv : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.14:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ad.adnet[1].txt -> TrackingCookie.Adnet : No action taken.
:mozilla.17:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.18:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.7:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.8:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.20:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.16:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
:mozilla.55:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.56:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.57:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
:mozilla.12:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.20:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.35:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@estat[1].txt -> TrackingCookie.Estat : No action taken.
:mozilla.61:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.58:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.44:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.45:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.46:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.63:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.64:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.65:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.30:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.47:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.31:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.9:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.51:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.52:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.53:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Samuel\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : No action taken.


::Report end

-----------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Fri, Oct 13, 2006 - 16:04:53

Scan path: C:\;D:\;F:\;G:\;H:\;I:\;

Statistics
Time: 02:31:59
Files: 415754
Folders: 4445
Boot Sectors: 2
Archives: 13722
Packed Files: 41818

Results
Identified Viruses: 3
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 476089
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Program Files\I_view32.exe | Infected with: Trojan.Doly.1.5.0
C:\Program Files\I_view32.exe | Disinfection failed
C:\Program Files\I_view32.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Infected with: Trojan.Downloader.Winfixer.O
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Infected with: Trojan.Downloader.Winfixer.O
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Deleted
C:\WINDOWS\system32\dpfwu.dll | Infected with: Trojan.FakeAlert.DJ
C:\WINDOWS\system32\dpfwu.dll | Disinfection failed
C:\WINDOWS\system32\dpfwu.dll | Delete failed

4 replies

Séb08 Posts 16503 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 430
14 Oct. 2006 at 05:13
Disable your System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
check the "disable restore" box and apply


C:\Program Files\MMediaCodec <--- to be removed

Then run an Ewido scan again, because the one you did was useless ...
The "No action taken" you can see means you didn't clean anything at all, so run it again, "delete" (remove) everything it finds, and paste the report.


See you
0
Thanks a lot for your advice, Seb.

In the meantime I had realized that I hadn't deleted anything in ewido!

Here is the new report.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:15:11 14/10/2006

+ Scan result:



C:\Documents and Settings\Samuel\Cookies\samuel@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Samuel\Cookies\samuel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Samuel\Cookies\samuel@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Samuel\Cookies\samuel@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.


::Report end

-------------------------------------------------------
0
Séb08 Posts 16503 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 430
14 Oct. 2006 at 14:39
Where do your problems stand?

See you
0
I ran smitfraudfix, and now everything seems OK to me.

Should I change the "System Restore" settings back?

See you
0
Séb08 Posts 16503 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 430
14 Oct. 2006 at 18:05
Post a Hijack log again for checking.

We'll create a clean restore point afterwards.

See you
0