HijackThis report
KYDO
Hello,
I have the win32.myzor... virus on my machine. I followed the first steps of an answer on the forum. So here is the HijackThis report, then the ewido one, and finally the BitDefender one.
Thanks for your help
Logfile of HijackThis v1.99.1
Scan saved at 17:57:23, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\program files\verbatim store n go\verbatim store 'n' go.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eraser\eraser.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Samuel\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [verbati] c:\program files\verbatim store 'n' go\verbatim.exe sys_auto_run C:\Program Files\Verbatim Store 'n' Go
O4 - HKLM\..\Run: [Verbatim Store 'n' G] c:\program files\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Program Files\Verbatim Store N Go
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe /nogui
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: https://navypier.org/
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/NuePamelaVideo.exe
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - https://live365.com/
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4851/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12B56BEE-735B-40BB-B1AE-1BFD845AC0AC}: NameServer = 86.64.145.141 84.103.237.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{12B56BEE-735B-40BB-B1AE-1BFD845AC0AC}: NameServer = 86.64.145.141 84.103.237.141
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
----------------------------------------------------------------------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 13:28:45 13/10/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : No action taken.
HKU\S-1-5-21-2787369945-1776269519-765011511-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : No action taken.
HKU\S-1-5-21-2787369945-1776269519-765011511-1006\Software\Internet Security -> Adware.IntCodec : No action taken.
C:\Documents and Settings\Samuel\Application Data\winantiviruspro2006freeinstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Samuel\Local Settings\Temp\laf10.tmp -> Not-A-Virus.Hoax.Win32.Renos.dv : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.14:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ad.adnet[1].txt -> TrackingCookie.Adnet : No action taken.
:mozilla.17:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.18:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.7:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.8:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.20:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.16:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
:mozilla.55:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.56:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.57:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
:mozilla.12:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.20:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.35:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@estat[1].txt -> TrackingCookie.Estat : No action taken.
:mozilla.61:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.58:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.44:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.45:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.46:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.63:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.64:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.65:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.30:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.47:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.31:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.9:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.51:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.52:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.53:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Samuel\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : No action taken.
::Report end
-----------------------------------------------------------------------
BitDefender Online Scanner
Scan report generated at: Fri, Oct 13, 2006 - 16:04:53
Scan path: C:\;D:\;F:\;G:\;H:\;I:\;
Statistics
Time: 02:31:59
Files: 415754
Folders: 4445
Boot Sectors: 2
Archives: 13722
Packed Files: 41818
Results
Identified Viruses: 3
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6
Engines Info
Virus Definitions: 476089
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\Program Files\I_view32.exe | Infected with: Trojan.Doly.1.5.0
C:\Program Files\I_view32.exe | Disinfection failed
C:\Program Files\I_view32.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Infected with: Trojan.Downloader.Winfixer.O
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Infected with: Trojan.Downloader.Winfixer.O
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Deleted
C:\WINDOWS\system32\dpfwu.dll | Infected with: Trojan.FakeAlert.DJ
C:\WINDOWS\system32\dpfwu.dll | Disinfection failed
C:\WINDOWS\system32\dpfwu.dll | Delete failed
C:\Documents and Settings\Roxana\Cookies\roxana@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
:mozilla.12:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.20:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.35:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@estat[1].txt -> TrackingCookie.Estat : No action taken.
:mozilla.61:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.58:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.44:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.45:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.46:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.63:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.64:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.65:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.30:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.47:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.31:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.9:C:\Documents and Settings\Roxana\Application Data\Mozilla\Firefox\Profiles\p07ha9lh.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Roxana\Cookies\roxana@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.51:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.52:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.53:C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\83qgltf0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Samuel\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : No action taken.
::Report end
-----------------------------------------------------------------------
BitDefender Online Scanner
Scan report generated at: Fri, Oct 13, 2006 - 16:04:53
Scan path: C:\;D:\;F:\;G:\;H:\;I:\;
Statistics
Time: 02:31:59
Files: 415754
Folders: 4445
Boot Sectors: 2
Archives: 13722
Packed Files: 41818
Results
Identified Viruses: 3
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6
Engines Info
Virus Definitions: 476089
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\Program Files\I_view32.exe | Infected with: Trojan.Doly.1.5.0
C:\Program Files\I_view32.exe | Disinfection failed
C:\Program Files\I_view32.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP283\A0100492.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Infected with: Trojan.Downloader.Winfixer.O
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0107693.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP285\A0108714.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Infected with: Trojan.Downloader.Winfixer.O
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119544.exe | Deleted
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Infected with: Trojan.Doly.1.5.0
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Disinfection failed
C:\System Volume Information\_restore{3AC77A30-6F92-4DCE-8913-5DE82600FE90}\RP294\A0119573.exe | Deleted
C:\WINDOWS\system32\dpfwu.dll | Infected with: Trojan.FakeAlert.DJ
C:\WINDOWS\system32\dpfwu.dll | Disinfection failed
C:\WINDOWS\system32\dpfwu.dll | Delete failed
4 replies
Disable your System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
check the "disable System Restore" box and apply.
C:\Program Files\MMediaCodec <--- to be removed
Then run an Ewido scan again, because the one you did was of no use ...
The "No action taken" you can see means that you didn't clean anything at all, so run it again, "delete" everything it finds and paste the report.
See you
In the meantime I had realized that I hadn't deleted anything in ewido!
Here is the new report.
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:15:11 14/10/2006
+ Scan result:
C:\Documents and Settings\Samuel\Cookies\samuel@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Samuel\Cookies\samuel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Samuel\Cookies\samuel@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Samuel\Cookies\samuel@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
::Report end
-------------------------------------------------------