Problème internet explorer ; virus ??
dodo1965
Messages postés
21
Statut
Membre
-
dodo1965 Messages postés 21 Statut Membre -
dodo1965 Messages postés 21 Statut Membre -
Bonjour,
Depuis trois jours internet rame et j'ai sans arret des messages me disant qu'internet explorer a rencontré un problème et doit être fermé. Voici mon rapport hijack, merci d'avance pour votre aide.
Logfile of HijackThis v1.99.1
Scan saved at 23:33:47, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~2\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\daasmeri.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99C51580-583E-46B5-A982-07FB0856BE42} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [SvcManager] mdme7.exe
O4 - HKLM\..\Run: [svcmon] C:\Program Files\PI\PIN\svcmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] C:\WINDOWS\system32\_mzu_stonedrv8.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll
O21 - SSODL: DCOM Server 2240 - {2C1CD3D7-86AC-4068-93BC-A02304BB2240} - C:\WINDOWS\system32\mpgeey.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
et voilà le rapport bitdefender :
BitDefender Online Scanner
Scan report generated at: Wed, Oct 25, 2006 - 20:03:09
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;
Statistics
Time
00:58:42
Files
488585
Folders
5209
Boot Sectors
3
Archives
16557
Packed Files
54780
Results
Identified Viruses
14
Infected Files
15
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
13
Engines Info
Virus Definitions
478756
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\$VAULT$.AVG\05436281.FIL
Infected with: Exploit.Win32.WMF-PFV.C
C:\$VAULT$.AVG\05436281.FIL
Disinfection failed
C:\$VAULT$.AVG\05436281.FIL
Deleted
C:\$VAULT$.AVG\05472140.FIL
Infected with: Exploit.Win32.WMF-PFV.B
C:\$VAULT$.AVG\05472140.FIL
Disinfection failed
C:\$VAULT$.AVG\05472140.FIL
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>GetAccess.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>GetAccess.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>Installer.class
Infected with: Trojan.Downloader.Java.Openconnection.AJ
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>Installer.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>Installer.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewSecurityClassLoader.class
Infected with: Trojan.Exploit.Byteverify.G
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewSecurityClassLoader.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewSecurityClassLoader.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewURLClassLoader.class
Infected with: Trojan.Java.Byteverify.Exploit.C
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewURLClassLoader.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewURLClassLoader.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Matrix.class
Infected with: Java.Trojan.Downloader.OpenStream.C
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Matrix.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Matrix.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Dummy.class
Infected with: Trojan.Java.Classloader.G
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Dummy.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Dummy.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Parser.class
Infected with: Trojan.Java.Classloader.D
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Parser.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Parser.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip
Updated
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049190.exe
Infected with: Generic.Malware.Sdld!!g.94908B1A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049190.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049190.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049215.exe
Infected with: Generic.Malware.Sdld!!g.94908B1A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049215.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049215.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050951.dll
Infected with: Generic.PWStealer.C7FFB9CA
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050951.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050951.dll
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050952.dll
Infected with: Trojan.PWS.Sinowal.AS
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050952.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050952.dll
Deleted
C:\WINDOWS\system32\mpgeey.dll
Infected with: DeepScan:Generic.Malware.SMw.61F37AFE
C:\WINDOWS\system32\mpgeey.dll
Disinfection failed
C:\WINDOWS\system32\mpgeey.dll
Delete failed
C:\WINDOWS\system32\svshost.dll
Infected with: Backdoor.Peke.C
C:\WINDOWS\system32\svshost.dll
Disinfection failed
C:\WINDOWS\system32\svshost.dll
Delete failed
Depuis trois jours internet rame et j'ai sans arret des messages me disant qu'internet explorer a rencontré un problème et doit être fermé. Voici mon rapport hijack, merci d'avance pour votre aide.
Logfile of HijackThis v1.99.1
Scan saved at 23:33:47, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~2\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\daasmeri.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99C51580-583E-46B5-A982-07FB0856BE42} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [SvcManager] mdme7.exe
O4 - HKLM\..\Run: [svcmon] C:\Program Files\PI\PIN\svcmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] C:\WINDOWS\system32\_mzu_stonedrv8.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll
O21 - SSODL: DCOM Server 2240 - {2C1CD3D7-86AC-4068-93BC-A02304BB2240} - C:\WINDOWS\system32\mpgeey.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
et voilà le rapport bitdefender :
BitDefender Online Scanner
Scan report generated at: Wed, Oct 25, 2006 - 20:03:09
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;
Statistics
Time
00:58:42
Files
488585
Folders
5209
Boot Sectors
3
Archives
16557
Packed Files
54780
Results
Identified Viruses
14
Infected Files
15
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
13
Engines Info
Virus Definitions
478756
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\$VAULT$.AVG\05436281.FIL
Infected with: Exploit.Win32.WMF-PFV.C
C:\$VAULT$.AVG\05436281.FIL
Disinfection failed
C:\$VAULT$.AVG\05436281.FIL
Deleted
C:\$VAULT$.AVG\05472140.FIL
Infected with: Exploit.Win32.WMF-PFV.B
C:\$VAULT$.AVG\05472140.FIL
Disinfection failed
C:\$VAULT$.AVG\05472140.FIL
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>GetAccess.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>GetAccess.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>Installer.class
Infected with: Trojan.Downloader.Java.Openconnection.AJ
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>Installer.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>Installer.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewSecurityClassLoader.class
Infected with: Trojan.Exploit.Byteverify.G
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewSecurityClassLoader.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewSecurityClassLoader.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewURLClassLoader.class
Infected with: Trojan.Java.Byteverify.Exploit.C
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewURLClassLoader.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip=>NewURLClassLoader.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523932-66b3cbad.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Matrix.class
Infected with: Java.Trojan.Downloader.OpenStream.C
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Matrix.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Matrix.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Dummy.class
Infected with: Trojan.Java.Classloader.G
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Dummy.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Dummy.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip
Updated
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Parser.class
Infected with: Trojan.Java.Classloader.D
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Parser.class
Disinfection failed
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip=>Parser.class
Deleted
C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv644.jar-2fc7a86-180074c4.zip
Updated
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049190.exe
Infected with: Generic.Malware.Sdld!!g.94908B1A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049190.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049190.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049215.exe
Infected with: Generic.Malware.Sdld!!g.94908B1A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049215.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP329\A0049215.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050951.dll
Infected with: Generic.PWStealer.C7FFB9CA
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050951.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050951.dll
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050952.dll
Infected with: Trojan.PWS.Sinowal.AS
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050952.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP330\A0050952.dll
Deleted
C:\WINDOWS\system32\mpgeey.dll
Infected with: DeepScan:Generic.Malware.SMw.61F37AFE
C:\WINDOWS\system32\mpgeey.dll
Disinfection failed
C:\WINDOWS\system32\mpgeey.dll
Delete failed
C:\WINDOWS\system32\svshost.dll
Infected with: Backdoor.Peke.C
C:\WINDOWS\system32\svshost.dll
Disinfection failed
C:\WINDOWS\system32\svshost.dll
Delete failed
A voir également:
- Problème internet explorer ; virus ??
- Internet explorer - Guide
- Internet explorer 11 - Télécharger - Navigateurs
- Internet explorer 8 - Télécharger - Navigateurs
- Internet explorer 10 - Télécharger - Navigateurs
- Explorer patcher - Télécharger - Personnalisation
