[virus] Google results redirected
Solved
Pascal
Hello,
I think my computer is infected by a virus. I use Internet Explorer, and when I do a Google search and click on one of the results, I am often redirected to pages I did not ask for, such as http://www-search.net, http://weddingcamerasplace.com/, etc.
I followed Yoan's recommendations and here are the reports from my scans:
Ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:17:56 24/10/2006
+ Scan result:
C:\Program Files\HQvideo -> Adware.HQvideo : No action taken.
C:\Program Files\HQvideo\Uninstall.exe -> Adware.HQvideo : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0000027.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0000060.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0001060.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0001076.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0002076.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0003076.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003094.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003112.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003128.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003215.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003257.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003273.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP5\A0003291.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003308.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003326.exe -> Downloader.Agent.uj : No action taken.
[1088] VM_00B80000 -> Downloader.Agent.uj : No action taken.
[1592] VM_009E0000 -> Downloader.Agent.uj : No action taken.
[1692] VM_003C0000 -> Downloader.Agent.uj : No action taken.
[1892] VM_00A80000 -> Downloader.Agent.uj : No action taken.
[2100] VM_009D0000 -> Downloader.Agent.uj : No action taken.
[2124] VM_003B0000 -> Downloader.Agent.uj : No action taken.
[2156] VM_01F20000 -> Downloader.Agent.uj : No action taken.
[2212] VM_00990000 -> Downloader.Agent.uj : No action taken.
[224] VM_00A80000 -> Downloader.Agent.uj : No action taken.
[2344] VM_00DF0000 -> Downloader.Agent.uj : No action taken.
[2400] VM_01250000 -> Downloader.Agent.uj : No action taken.
[2536] VM_009B0000 -> Downloader.Agent.uj : No action taken.
[2556] VM_009F0000 -> Downloader.Agent.uj : No action taken.
[2580] VM_00AF0000 -> Downloader.Agent.uj : No action taken.
[2600] VM_00380000 -> Downloader.Agent.uj : No action taken.
[2928] VM_00980000 -> Downloader.Agent.uj : No action taken.
[2936] VM_009F0000 -> Downloader.Agent.uj : No action taken.
[3252] VM_00870000 -> Downloader.Agent.uj : No action taken.
[3432] VM_003F0000 -> Downloader.Agent.uj : No action taken.
[3508] VM_008A0000 -> Downloader.Agent.uj : No action taken.
[3552] VM_00990000 -> Downloader.Agent.uj : No action taken.
[3600] VM_00990000 -> Downloader.Agent.uj : No action taken.
[3608] VM_00980000 -> Downloader.Agent.uj : No action taken.
[3708] VM_00A20000 -> Downloader.Agent.uj : No action taken.
[3724] VM_003A0000 -> Downloader.Agent.uj : No action taken.
[3740] VM_00990000 -> Downloader.Agent.uj : No action taken.
[3828] VM_00A10000 -> Downloader.Agent.uj : No action taken.
[4076] VM_00A40000 -> Downloader.Agent.uj : No action taken.
[844] VM_034E0000 -> Downloader.Agent.uj : No action taken.
[872] VM_00A30000 -> Downloader.Agent.uj : No action taken.
[984] VM_00380000 -> Downloader.Agent.uj : No action taken.
C:\Documents and Settings\Demelenne Pascal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-34b5425d.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Demelenne Pascal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-4e340213-49e15260.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Demelenne Pascal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-4e340213-74096285.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
:mozilla.62:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.63:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.64:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.65:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.66:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.291:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.535:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.36:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.37:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.38:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.102:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.53:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.114:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.115:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.139:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.140:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.368:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.369:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@com[2].txt -> TrackingCookie.Com : No action taken.
:mozilla.78:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.79:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.80:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
:mozilla.22:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\2zl4uzoa.Utilisateur par défaut\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.43:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.106:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@estat[1].txt -> TrackingCookie.Estat : No action taken.
:mozilla.56:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.57:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.58:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.59:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.60:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@as-eu.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
:mozilla.144:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.14:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.15:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.232:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.31:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.32:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.516:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.74:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.93:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.22:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.11:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.181:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.211:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.231:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.234:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.275:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.276:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.277:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.278:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.329:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.462:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.497:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.512:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.520:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.532:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.578:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.70:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.71:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.142:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.154:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.155:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.156:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.116:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.117:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.118:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.480:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.481:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.113:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.165:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
:mozilla.474:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.540:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.541:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.542:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.543:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.6:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0000036.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0001069.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0003088.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003104.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003122.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003135.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003222.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003237.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003264.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003279.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP5\A0003297.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003315.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003332.exe -> Trojan.Small.fb : No action taken.
::Report end
BitDefender:
BitDefender Online Scanner
Scan report generated at: Tue, Oct 24, 2006 - 11:42:37
Scan path: C:\;D:\;E:\;
Statistics
Time: 01:20:42
Files: 404370
Folders: 6470
Boot Sectors: 4
Archives: 7428
Packed Files: 42686
Results
Identified Viruses: 9
Infected Files: 38
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 68
Engines Info
Virus Definitions: 478438
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Infected with: Java.Trojan.OpenConnection.F
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip
Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Infected with: Java.Trojan.OpenConnection.F
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip
Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.ER
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Infected with: Generic.Malware.dld!!g.FB6619D2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ASY
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Infected with: Generic.Malware.dld!!g.FB6619D2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Infected with: Trojan.Movidl.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.ER
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Deleted
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:22:58, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MLK\mouse_2k.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Demelenne Pascal\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/sourcesdoc/indexFR.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\MLK\mouse_2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2771795A-F326-488D-9F9D-7DB1888AF5F1}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8CB9A8-32B1-41C4-B346-24941EF3A71B}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{A66B4545-16F9-46BA-ADB9-D86FFE784ECB}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DD3738-2081-45A2-BDC3-852CE80F8CAF}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{C288B38C-1152-48F0-8E68-59B086F29117}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4033967-DE39-4C66-B4DF-E0D94569F748}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5E3EFF-595A-4C52-B25F-AD1DE82EC949}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC349F21-1077-44B8-BF87-06F9448EC62E}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
:mozilla.31:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.32:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.516:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.74:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.93:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.22:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.11:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.181:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.211:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.231:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.234:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.275:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.276:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.277:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.278:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.329:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.462:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.497:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.512:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.520:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.532:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.578:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.70:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.71:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.142:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.154:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.155:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.156:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.116:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.117:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.118:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.480:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.481:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.113:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.165:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
:mozilla.474:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.540:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.541:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.542:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.543:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.6:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0000036.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0001069.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0003088.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003104.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003122.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003135.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003222.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003237.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003264.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003279.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP5\A0003297.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003315.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003332.exe -> Trojan.Small.fb : No action taken.
::Report end
BitDefender:
BitDefender Online Scanner
Scan report generated at: Tue, Oct 24, 2006 - 11:42:37
Scan path: C:\;D:\;E:\;
Statistics
Time: 01:20:42
Files: 404370
Folders: 6470
Boot Sectors: 4
Archives: 7428
Packed Files: 42686
Results
Identified Viruses: 9
Infected Files: 38
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 68
Engines Info
Virus Definitions: 478438
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Infected with: Java.Trojan.OpenConnection.F
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip
Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Infected with: Java.Trojan.OpenConnection.F
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip
Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.ER
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Infected with: Generic.Malware.dld!!g.FB6619D2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ASY
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Infected with: Generic.Malware.dld!!g.FB6619D2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Infected with: Trojan.Movidl.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.ER
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Deleted
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:22:58, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MLK\mouse_2k.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Demelenne Pascal\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/sourcesdoc/indexFR.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\MLK\mouse_2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2771795A-F326-488D-9F9D-7DB1888AF5F1}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8CB9A8-32B1-41C4-B346-24941EF3A71B}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{A66B4545-16F9-46BA-ADB9-D86FFE784ECB}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DD3738-2081-45A2-BDC3-852CE80F8CAF}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{C288B38C-1152-48F0-8E68-59B086F29117}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4033967-DE39-4C66-B4DF-E0D94569F748}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5E3EFF-595A-4C52-B25F-AD1DE82EC949}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC349F21-1077-44B8-BF87-06F9448EC62E}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
15 replies
I have exactly the same problem, but I can't download Fixwareout: I get a 404 error. Could someone tell me where I can get it?
Hi there,
OK, redo your ewido scan, and this time, when the scan is finished, delete the files it found, because here you did nothing --> "no action taken" --> no action performed.
I advise you to drop Norton AntiVirus for avast, which is free and performs much better.
Remove Norton with this (a program created by Symantec, the company behind Norton):
ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SymNRT.exe
avast is available on the left of this page
Well, apparently the problem has come back. I ran another Ewido scan, but of the two trojans detected there is one it couldn't remove, perhaps because other applications were running at the same time?
Here is the report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:40:25 29/10/2006
+ Scan result:
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003975.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003997.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP7\A0003368.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003393.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003413.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003429.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003445.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003468.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003489.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP9\A0003524.exe -> Downloader.Agent.uj : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP9\A0003959.exe -> Downloader.Agent.uj : Cleaned.
[1148] VM_00870000 -> Downloader.Agent.uj : Error during cleaning.
[1516] VM_00C40000 -> Downloader.Agent.uj : Error during cleaning.
[1716] VM_00AF0000 -> Downloader.Agent.uj : Error during cleaning.
[1792] VM_00980000 -> Downloader.Agent.uj : Error during cleaning.
[1992] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
[2208] VM_003F0000 -> Downloader.Agent.uj : Error during cleaning.
[2460] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
[2560] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
[2616] VM_009F0000 -> Downloader.Agent.uj : Error during cleaning.
[2680] VM_00380000 -> Downloader.Agent.uj : Error during cleaning.
[2864] VM_00A20000 -> Downloader.Agent.uj : Error during cleaning.
[2948] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
[2952] VM_003A0000 -> Downloader.Agent.uj : Error during cleaning.
[3028] VM_00A40000 -> Downloader.Agent.uj : Error during cleaning.
[3096] VM_00A80000 -> Downloader.Agent.uj : Error during cleaning.
[3240] VM_00B80000 -> Downloader.Agent.uj : Error during cleaning.
[3248] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning.
[3312] VM_00A80000 -> Downloader.Agent.uj : Error during cleaning.
[3416] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning.
[3428] VM_00340000 -> Downloader.Agent.uj : Error during cleaning.
[3448] VM_003B0000 -> Downloader.Agent.uj : Error during cleaning.
[3460] VM_009C0000 -> Downloader.Agent.uj : Error during cleaning.
[3464] VM_00380000 -> Downloader.Agent.uj : Error during cleaning.
[3532] VM_00980000 -> Downloader.Agent.uj : Error during cleaning.
[3592] VM_01F20000 -> Downloader.Agent.uj : Error during cleaning.
[3756] VM_00A00000 -> Downloader.Agent.uj : Error during cleaning.
[3760] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
[3840] VM_00DF0000 -> Downloader.Agent.uj : Error during cleaning.
[3876] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
[604] VM_009F0000 -> Downloader.Agent.uj : Error during cleaning.
[904] VM_034E0000 -> Downloader.Agent.uj : Error during cleaning.
[932] VM_00C10000 -> Downloader.Agent.uj : Error during cleaning.
C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Karine\Cookies\karine@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003969.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003982.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0004005.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP7\A0003376.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003402.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003419.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003435.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003452.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003474.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003499.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP9\A0003534.exe -> Trojan.Small.fb : Cleaned.
::Report end
Here is also an HJT report made afterwards:
Logfile of HijackThis v1.99.1
Scan saved at 22:47:04, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MLK\mouse_2k.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Demelenne Pascal\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/sourcesdoc/indexFR.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\MLK\mouse_2k.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2771795A-F326-488D-9F9D-7DB1888AF5F1}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8CB9A8-32B1-41C4-B346-24941EF3A71B}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{A66B4545-16F9-46BA-ADB9-D86FFE784ECB}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DD3738-2081-45A2-BDC3-852CE80F8CAF}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{C288B38C-1152-48F0-8E68-59B086F29117}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4033967-DE39-4C66-B4DF-E0D94569F748}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5E3EFF-595A-4C52-B25F-AD1DE82EC949}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC349F21-1077-44B8-BF87-06F9448EC62E}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
If you could take a look at it, perhaps you could guide me on what to do next...
Have a good week and see you soon
Go into Norton and delete everything in quarantine. Be careful not to restore the items to your system.
That's odd, I already posted a reply but it doesn't appear anywhere.
Never mind, I'll start again.
I followed your instructions about System Restore, but ewido still could not remove the detected malware.
As for Norton, I deleted everything using the link you had recommended in your first reply.
The virus is still there and I'm getting a bit desperate...
If you have any other leads, I'll take them!
Thanks and see you soon
Hi
Download this (thanks to S!RI for this program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy and paste it into a post, please.
----------------------------------------------------------------------------
Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on.
A window will open; use the keyboard arrow keys to move to safe mode, then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that's normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again,
This time choose option 2 and answer yes to everything;
Save the report, restart in normal mode, and copy and paste the saved report to the forum.
See you
Thanks for your valuable help!
Here is report 1
SmitFraudFix v2.117
Rapport fait à 12:36:19,21, jeu. 02/11/2006
Executé à partir de C:\Documents and Settings\Demelenne Pascal\Bureau\Smitfraudfix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demelenne Pascal
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demelenne Pascal\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DEMELE~1\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7199.jpg"
"SubscribedURL"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7199.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7371.0.jpg"
"SubscribedURL"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7371.0.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Here is report 2
SmitFraudFix v2.117
Rapport fait à 12:50:34,11, jeu. 02/11/2006
Executé à partir de C:\Documents and Settings\Demelenne Pascal\Bureau\Smitfraudfix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Hi,
Restart in normal mode
Download FixWareout to the desktop:
https://www.bleepingcomputer.com/download/linux/
Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.
Once your system has restarted, follow the prompts. Then launch HijackThis. Click Scan and check the following lines:
O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2771795A-F326-488D-9F9D-7DB1888AF5F1}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8CB9A8-32B1-41C4-B346-24941EF3A71B}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{A66B4545-16F9-46BA-ADB9-D86FFE784ECB}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DD3738-2081-45A2-BDC3-852CE80F8CAF}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{C288B38C-1152-48F0-8E68-59B086F29117}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4033967-DE39-4C66-B4DF-E0D94569F748}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5E3EFF-595A-4C52-B25F-AD1DE82EC949}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC349F21-1077-44B8-BF87-06F9448EC62E}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
Click Fix Checked. Close HijackThis and click OK to continue the procedure.
At the end of the fix, you may need to restart the PC again.
Finally, post the contents of C:\fixwareout\report.txt along with a new HijackThis log.
See you
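The O17 lines listed in the reply above all carry the same NameServer pair, on every interface and in every control set. As an added example (not part of the original thread, and not code from HijackThis or FixWareout), this Python script parses the O17 lines of a HijackThis log and reports which resolvers fall outside an allowlist you supply; the `192.168.1.0/24` allowlist and the all-zero interface GUID are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple

# Sample input: three lines copied from the HijackThis log in this thread, plus
# one CONSTRUCTED line (all-zero GUID, 192.168.1.1) standing in for an
# interface that still points at the local router.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# O17 lines name a control set (CCS, CS1, CS2...), then either one interface
# GUID or the global "Parameters" key, then "<value name> = <data>".
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})|(?P<glob>Parameters))"
    r": (?P<name>\w+) = (?P<value>.*)$"
)


class DnsSetting(NamedTuple):
    control_set: str  # CCS (current) or a stored control set such as CS1
    scope: str        # interface GUID, or "Parameters" for the global value
    servers: tuple    # resolver strings in the order the log lists them


def parse_o17(log_text):
    """Return every O17 NameServer entry found in a HijackThis log."""
    settings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m["name"] != "NameServer":
            continue
        # The log separates addresses with commas on interface keys and with
        # spaces on the global Parameters key, so split on both.
        servers = tuple(s for s in re.split(r"[,\s]+", m["value"].strip()) if s)
        settings.append(DnsSetting(m["cset"], m["iface"] or m["glob"], servers))
    return settings


def is_expected(server, allowed_nets):
    """True only if the string is a valid IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False  # unparseable data in a NameServer value is itself a finding
    return any(addr in net for net in allowed_nets)


def audit_dns(log_text, allowed):
    """Map each resolver outside `allowed` to the (control set, scope) pairs using it."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    by_resolver = defaultdict(set)
    for setting in parse_o17(log_text):
        for server in setting.servers:
            if not is_expected(server, allowed_nets):
                by_resolver[server].add((setting.control_set, setting.scope))
    return {srv: sorted(where) for srv, where in by_resolver.items()}


if __name__ == "__main__":
    # Assumption: the only legitimate resolver on this LAN is the router.
    for resolver, places in audit_dns(SAMPLE_LOG, ["192.168.1.0/24"]).items():
        print(f"unexpected resolver {resolver} set in {len(places)} place(s):")
        for control_set, scope in places:
            print(f"    {control_set}  {scope}")
```

Running the same audit on a fresh HijackThis log after the fix shows whether any control set or interface still carries the old value.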
Excellent, it looks like we're making progress!
Here is the fixwareout report:
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A77FD052A62D-848B-BEA4-5C01-E4E1F057{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70D9C3052B7D-C32A-64E4-DD45-427AFA12{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\alwmd
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmwla.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSEIL.EXE 51.754 2006-10-12
C:\WINDOWS\SYSTEM32\DMWLA.EXE 60.998 2004-08-20
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
and the latest HJT log
Logfile of HijackThis v1.99.1
Scan saved at 13:29:55, on 2/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MLK\mouse_2k.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\Demelenne Pascal\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\MLK\mouse_2k.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Do you think it's OK now?
Thanks 1000x
Hi
Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click on Browse
Look for this:
C:\WINDOWS\SYSTEM32\CSEIL.EXE
and
C:\WINDOWS\SYSTEM32\DMWLA.EXE
Click Send and paste the reports please
See you
Here is the first one
VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.
Select file : DistributeSSL
Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.
STATUS: FINISHED
Complete scanning result of "cseil.exe", received in VirusTotal at 11.02.2006, 15:43:48 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.37 11.02.2006 no virus found
Authentium 4.93.8 11.02.2006 could be a corrupted executable file
Avast 4.7.892.0 11.02.2006 no virus found
AVG 386 11.02.2006 no virus found
BitDefender 7.2 11.01.2006 MemScan:Trojan.Downloader.Mohbpork.A
CAT-QuickHeal 8.00 11.02.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.02.2006 no virus found
DrWeb 4.33 11.02.2006 Trojan.DnsChange
eTrust-InoculateIT 23.73.43 11.02.2006 no virus found
eTrust-Vet 30.3.3174 11.02.2006 Win32/Alureon!generic
Ewido 4.0 11.02.2006 Downloader.Agent.uj
Fortinet 2.82.0.0 11.02.2006 suspicious
F-Prot 3.16f 11.01.2006 no virus found
F-Prot4 4.2.1.29 11.02.2006 W32/new-malware!Maximus
Ikarus 0.2.65.0 11.02.2006 no virus found
Kaspersky 4.0.2.24 11.02.2006 no virus found
McAfee 4886 11.01.2006 Spy-Agent.bc
Microsoft 1.1609 11.02.2006 no virus found
NOD32v2 1.1849 11.02.2006 a variant of Win32/Small.FB
Norman 5.80.02 11.02.2006 no virus found
Panda 9.0.0.4 11.02.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.111 11.02.2006 no virus found
UNA 1.83 11.01.2006 no virus found
VBA32 3.11.1 11.01.2006 suspected of Trojan-Downloader.Agent.32
VirusBuster 4.3.15:9 11.02.2006 no virus found
Aditional Information
File size: 51754 bytes
MD5: b625f3c19d3fcc89a0a39b30c43d12bc
SHA1: 093f8fa0ed903930cd15696cde1ef74875239c80
packers: PECRYPT
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Ir a: Inicio Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info@virustotal.com
And the second one
VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.
Select file : DistributeSSL
Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.
STATUS: FINISHED
Complete scanning result of "dmwla.exe", received in VirusTotal at 11.02.2006, 15:47:10 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.37 11.02.2006 no virus found
Authentium 4.93.8 11.02.2006 could be a corrupted executable file
Avast 4.7.892.0 11.02.2006 no virus found
AVG 386 11.02.2006 no virus found
BitDefender 7.2 11.01.2006 MemScan:Trojan.Downloader.Mohbpork.B
CAT-QuickHeal 8.00 11.02.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.02.2006 no virus found
DrWeb 4.33 11.02.2006 Trojan.DnsChange
eTrust-InoculateIT 23.73.43 11.02.2006 no virus found
eTrust-Vet 30.3.3174 11.02.2006 Win32/Alureon!generic
Ewido 4.0 11.02.2006 Trojan.Small.fb
Fortinet 2.82.0.0 11.02.2006 suspicious
F-Prot 3.16f 11.01.2006 Possibly a new variant of W32/new-malware!Maximus
F-Prot4 4.2.1.29 11.02.2006 W32/new-malware!Maximus
Ikarus 0.2.65.0 11.02.2006 no virus found
Kaspersky 4.0.2.24 11.02.2006 no virus found
McAfee 4886 11.01.2006 no virus found
Microsoft 1.1609 11.02.2006 no virus found
NOD32v2 1.1849 11.02.2006 a variant of Win32/Small.FB
Norman 5.80.02 11.02.2006 no virus found
Panda 9.0.0.4 11.02.2006 Trj/Ruins.DP
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.111 11.02.2006 no virus found
UNA 1.83 11.01.2006 no virus found
VBA32 3.11.1 11.01.2006 suspected of Malware.Agent.11
VirusBuster 4.3.15:9 11.02.2006 no virus found
Aditional Information
File size: 60998 bytes
MD5: 2b8f7b95024f91bb0d4cc81ad3afe21a
SHA1: 0bdc6aeef3a677d0dafc9c0bce7c7ee36a24f42b
packers: PECRYPT
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Ir a: Inicio Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info@virustotal.com
Thanks!
Hello,
I have had the same problem for 2 days.
But the files listed to look for do not exist on my PC (Windows NT).
Also, Avast does not detect any virus or trojan, and Spybot supposedly fixed the problems it found, but they persist!...
Do you have a solution?
Hi again,
Delete them now, they are infected:
C:\WINDOWS\SYSTEM32\CSEIL.EXE
C:\WINDOWS\SYSTEM32\DMWLA.EXE
See you
Hi again,
Yes, you go through:
Start < My Computer < C < Windows < system32 and you delete them, then you empty the Recycle Bin.
If you run into problems, say so and we'll do it another way.
See you
Disable and re-enable your System Restore.
Proceed as follows:
press the following keys (at the same time):
the Windows key (next to ALT) + PAUSE (above the arrow keys if you have a desktop computer; on a laptop, look for it on your keyboard, lol)
Normally a window opens, and there you click on the System Restore tab. You tick "disable System Restore", then you tick it again (when you go to untick it, you may get the impression that it is no longer responding, but wait a little and it will return to normal, because the system is deleting the restore points)
Then run an ewido scan again to see whether it still finds your trojans, and remove whatever it finds