[virus] computer restarts for no reason

Closed
steftatane Posts 10 Registration date Wednesday 16 November 2005 Status Member Last activity 23 February 2007 - 20 Oct 2006 at 23:59
 steftatane - 21 Oct 2006 at 13:58
Hello everyone,

For the past 2 or three days my computer has been restarting for no reason.
So I did as you advise and ran ewido, bitdefender and hijackthis, and here are the 3 reports:

- ewido:
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:29:33 20/10/2006

+ Scan result:



HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\awf\LSASS.exe -> Backdoor.Hupigon.hk : Cleaned with backup (quarantined).
C:\Documents and Settings\stephane\Cookies\stephane@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.20:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\stephane\Cookies\stephane@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.16:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.12:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.13:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.14:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.15:C:\Documents and Settings\stephane\Application Data\Mozilla\Firefox\Profiles\yoyerz9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

- bitdefender:

BitDefender Online Scanner

Scan report generated at: Fri, Oct 20, 2006 - 23:14:56

Scan path: A:\;C:\;D:\;E:\;F:\;H:\;

Statistics
Time: 01:37:05
Files: 244669
Folders: 4587
Boot Sectors: 4
Archives: 1931
Packed Files: 22586

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 477837
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\4558bc4f.qua
Detected with: Application.JS.ForcePopup.D

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\4558bc4f.qua
Disinfection failed

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\4558bc4f.qua
Deleted

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)=>archstored:6
Infected with: Virtool.HiddenRun.B

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)=>archstored:6
Disinfection failed

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)=>archstored:6
Deleted

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)
Update failed

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)=>archstored:9
Infected with: Backdoor.Iroffer.B

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)=>archstored:9
Disinfection failed

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)=>archstored:9
Deleted

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\Crack.exe=>(ZIP Sfx o)
Update failed

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)=>archstored:6
Infected with: Virtool.HiddenRun.B

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)=>archstored:6
Disinfection failed

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)=>archstored:6
Deleted

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)
Update failed

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)=>archstored:9
Infected with: Backdoor.Iroffer.B

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)=>archstored:9
Disinfection failed

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)=>archstored:9
Deleted

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip=>PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k/Crack.exe=>(ZIP Sfx o)
Update failed



- hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 23:38:27, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\edonkey2\eMule\emule.exe
C:\desinfection\ewido\ewido anti-spyware 4.0\guard.exe
C:\desinfection\ewido\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\desinfection\hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "C:\desinfection\ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\aim\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id

2&version


O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\desinfection\ewido\ewido anti-spyware 4.0\guard.exe

There you go.
Thank you in advance for any help you can give me
regards

steftatane

3 replies

d0ne Posts 1002 Registration date Monday 6 June 2005 Status Member Last activity 3 February 2012 71
21 Oct 2006 at 00:24
run ccleaner as well (available on the left of this page)

ccleaner lets you clear out all the temporary files on your PC. in short, it gives it back some of its youth

and do the following


A - ad-aware version 1.06
available on the left of this page

demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

B - spybot version 1.4
available on the left of this page
see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
1
d0ne Posts 1002 Registration date Monday 6 June 2005 Status Member Last activity 3 February 2012 71
21 Oct 2006 at 00:21
hi there

delete this file from your hard drive

D:\edonkey2\telechargement\prog sims\copier\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k\PC GAME - LES SIMS 2 Glamour - no cd CRACK-RELOADED + KEYGEN [TEST OK] ed2k.zip

0
Hello,

I'll try all of that and keep you posted, thanks a lot for your help

steftatane
0