[virus] résultats google redirigés

Résolu
Pascal -  
 yoyo -
Bonjour,

Je pense que mon ordinateur est infecté par un virus. J'utilise Internet Explorer et lorsque je fais une recherche Google, quand je clique sur un des résultats, je suis souvent redirigé vers des pages que je n'ai pas sollicitées comme par exemple http://www-search.net, http://weddingcamerasplace.com/, etc.

J'ai suivi les recommandations de Yoan et voici les rapports de mes scans:

Ewido:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:17:56 24/10/2006

+ Scan result:

C:\Program Files\HQvideo -> Adware.HQvideo : No action taken.
C:\Program Files\HQvideo\Uninstall.exe -> Adware.HQvideo : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0000027.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0000060.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0001060.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0001076.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0002076.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0003076.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003094.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003112.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003128.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003215.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003257.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003273.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP5\A0003291.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003308.exe -> Downloader.Agent.uj : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003326.exe -> Downloader.Agent.uj : No action taken.
[1088] VM_00B80000 -> Downloader.Agent.uj : No action taken.
[1592] VM_009E0000 -> Downloader.Agent.uj : No action taken.
[1692] VM_003C0000 -> Downloader.Agent.uj : No action taken.
[1892] VM_00A80000 -> Downloader.Agent.uj : No action taken.
[2100] VM_009D0000 -> Downloader.Agent.uj : No action taken.
[2124] VM_003B0000 -> Downloader.Agent.uj : No action taken.
[2156] VM_01F20000 -> Downloader.Agent.uj : No action taken.
[2212] VM_00990000 -> Downloader.Agent.uj : No action taken.
[224] VM_00A80000 -> Downloader.Agent.uj : No action taken.
[2344] VM_00DF0000 -> Downloader.Agent.uj : No action taken.
[2400] VM_01250000 -> Downloader.Agent.uj : No action taken.
[2536] VM_009B0000 -> Downloader.Agent.uj : No action taken.
[2556] VM_009F0000 -> Downloader.Agent.uj : No action taken.
[2580] VM_00AF0000 -> Downloader.Agent.uj : No action taken.
[2600] VM_00380000 -> Downloader.Agent.uj : No action taken.
[2928] VM_00980000 -> Downloader.Agent.uj : No action taken.
[2936] VM_009F0000 -> Downloader.Agent.uj : No action taken.
[3252] VM_00870000 -> Downloader.Agent.uj : No action taken.
[3432] VM_003F0000 -> Downloader.Agent.uj : No action taken.
[3508] VM_008A0000 -> Downloader.Agent.uj : No action taken.
[3552] VM_00990000 -> Downloader.Agent.uj : No action taken.
[3600] VM_00990000 -> Downloader.Agent.uj : No action taken.
[3608] VM_00980000 -> Downloader.Agent.uj : No action taken.
[3708] VM_00A20000 -> Downloader.Agent.uj : No action taken.
[3724] VM_003A0000 -> Downloader.Agent.uj : No action taken.
[3740] VM_00990000 -> Downloader.Agent.uj : No action taken.
[3828] VM_00A10000 -> Downloader.Agent.uj : No action taken.
[4076] VM_00A40000 -> Downloader.Agent.uj : No action taken.
[844] VM_034E0000 -> Downloader.Agent.uj : No action taken.
[872] VM_00A30000 -> Downloader.Agent.uj : No action taken.
[984] VM_00380000 -> Downloader.Agent.uj : No action taken.
C:\Documents and Settings\Demelenne Pascal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-34b5425d.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Demelenne Pascal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-4e340213-49e15260.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Demelenne Pascal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-4e340213-74096285.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
:mozilla.62:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.63:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.64:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.65:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.66:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.291:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.535:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.36:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.37:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.38:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.102:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.53:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.114:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.115:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.139:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.140:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.368:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.369:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@com[2].txt -> TrackingCookie.Com : No action taken.
:mozilla.78:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.79:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.80:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
:mozilla.22:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\2zl4uzoa.Utilisateur par défaut\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.43:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.106:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@estat[1].txt -> TrackingCookie.Estat : No action taken.
:mozilla.56:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.57:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.58:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.59:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.60:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@as-eu.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
:mozilla.144:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.14:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.15:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.232:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.31:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.32:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.516:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.74:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.93:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.22:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.11:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.181:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.211:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.231:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.234:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.275:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.276:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.277:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.278:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.329:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.462:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.497:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.512:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.520:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.532:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.578:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.70:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.71:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.142:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.154:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.155:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.156:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.116:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.117:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.118:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.480:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.481:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.113:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.165:C:\Documents and Settings\Demelenne Pascal\Application Data\Mozilla\Firefox\Profiles\fu2t835p.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Karine\Cookies\karine@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
:mozilla.474:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.540:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.541:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.542:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.543:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.6:C:\Documents and Settings\Karine\Application Data\Mozilla\Firefox\Profiles\4xi21nxa.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0000036.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0001069.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP2\A0003088.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003104.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003122.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003135.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP3\A0003222.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003237.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003264.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP4\A0003279.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP5\A0003297.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003315.exe -> Trojan.Small.fb : No action taken.
C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP6\A0003332.exe -> Trojan.Small.fb : No action taken.

::Report end

BitDefender:

BitDefender Online Scanner

Scan report generated at: Tue, Oct 24, 2006 - 11:42:37

Scan path: C:\;D:\;E:\;

Statistics

Time
01:20:42

Files
404370

Folders
6470

Boot Sectors
4

Archives
7428

Packed Files
42686

Results

Identified Viruses
9

Infected Files
38

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
68

Engines Info

Virus Definitions
478438

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>GetAccess.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>InsecureClassLoader.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Infected with: Java.Trojan.OpenConnection.F

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)=>Installer.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D9612B.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>GetAccess.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>InsecureClassLoader.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Infected with: Java.Trojan.OpenConnection.F

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)=>Installer.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA5939.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAD0335.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B72316F.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCD2E66.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697367F4.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE77E5B.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48081419.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0509017D.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12D31.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324B4B82.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1A26CC.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B46EB6.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C702B31.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D101AE.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D42BAB.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A336325.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9C0581.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE31A5D.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE64459.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45574E8B.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD700EA.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57FE5F5C.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7038DD.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130636EF.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Femad.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F82AC2.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.ER

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794059A0.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Infected with: Generic.Malware.dld!!g.FB6619D2

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C76587C.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ASY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163878C8.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Infected with: Generic.Malware.dld!!g.FB6619D2

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C790279.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Infected with: Trojan.Movidl.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136366DD.js=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.ER

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455E7BDD.exe=>(Quarantine-2)
Deleted

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 22:22:58, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MLK\mouse_2k.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Demelenne Pascal\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/sourcesdoc/indexFR.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\MLK\mouse_2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2771795A-F326-488D-9F9D-7DB1888AF5F1}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8CB9A8-32B1-41C4-B346-24941EF3A71B}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{A66B4545-16F9-46BA-ADB9-D86FFE784ECB}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DD3738-2081-45A2-BDC3-852CE80F8CAF}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{C288B38C-1152-48F0-8E68-59B086F29117}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4033967-DE39-4C66-B4DF-E0D94569F748}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5E3EFF-595A-4C52-B25F-AD1DE82EC949}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC349F21-1077-44B8-BF87-06F9448EC62E}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

15 réponses

  1. Hirua
     
    j'ai exactement le même problème mais il m'est impossible de téléchager fixwareout je tombe sur une erreur 404 quelqu'un pourrait me dire ou je pourrai le récupérer
    2
    1. yoyo
       
      prend malwarbytes anti malware la derniere version j ai eu le meme probleme et il a supprimer depuis aucun probleme normalement ses pas un antivirus mes il suppme serta
      in
      0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Crée ton propre poste

    A+
    2
  3. d0ne Messages postés 1019 Statut Membre 73
     
    salut a toi

    bon alors refais ton scan ewido et cette fois ci quand le scan est fini supprime les fichiers trouvés. car la tu n'a rien fias --> "no action taken " --> pas d'action faite.

    je te conseille de lacher norton antivirus pour avast qui est gratuit et beaucoup plus performant.

    vire norton avec ceci ( progrmamme créé par symantec , société fondatrice de norton )

    ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SymNRT.exe

    avast est dispo a gauche de la page actuelle
    1
    1. Pascal
       
      Merci infiniment done,

      En fait je crois que je viens juste de m'en débarasser en refaisant un scan adaware avec les dernières updates.

      Merci pour le tuyau ewido, ça m'avait échappé.

      Je m'occupe aussi de Norton, qui ralentit à fond mon système, surtout à l'ouverture.

      Merci encore!

      Pascal
      0
    2. Pascal
       
      Bon ben apparemment le problème est revenu. J'ai refait un scan Ewido mais il y a un trojan sur les deux détectés qu'il n'a pas pu supprimer, peut-être parce que d'autres applications étaient actives en même temps?

      Voici le rapport:

      ---------------------------------------------------------
      ewido anti-spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 22:40:25 29/10/2006

      + Scan result:



      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003975.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003997.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP7\A0003368.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003393.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003413.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003429.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003445.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003468.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003489.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP9\A0003524.exe -> Downloader.Agent.uj : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP9\A0003959.exe -> Downloader.Agent.uj : Cleaned.
      [1148] VM_00870000 -> Downloader.Agent.uj : Error during cleaning.
      [1516] VM_00C40000 -> Downloader.Agent.uj : Error during cleaning.
      [1716] VM_00AF0000 -> Downloader.Agent.uj : Error during cleaning.
      [1792] VM_00980000 -> Downloader.Agent.uj : Error during cleaning.
      [1992] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
      [2208] VM_003F0000 -> Downloader.Agent.uj : Error during cleaning.
      [2460] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
      [2560] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
      [2616] VM_009F0000 -> Downloader.Agent.uj : Error during cleaning.
      [2680] VM_00380000 -> Downloader.Agent.uj : Error during cleaning.
      [2864] VM_00A20000 -> Downloader.Agent.uj : Error during cleaning.
      [2948] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
      [2952] VM_003A0000 -> Downloader.Agent.uj : Error during cleaning.
      [3028] VM_00A40000 -> Downloader.Agent.uj : Error during cleaning.
      [3096] VM_00A80000 -> Downloader.Agent.uj : Error during cleaning.
      [3240] VM_00B80000 -> Downloader.Agent.uj : Error during cleaning.
      [3248] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning.
      [3312] VM_00A80000 -> Downloader.Agent.uj : Error during cleaning.
      [3416] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning.
      [3428] VM_00340000 -> Downloader.Agent.uj : Error during cleaning.
      [3448] VM_003B0000 -> Downloader.Agent.uj : Error during cleaning.
      [3460] VM_009C0000 -> Downloader.Agent.uj : Error during cleaning.
      [3464] VM_00380000 -> Downloader.Agent.uj : Error during cleaning.
      [3532] VM_00980000 -> Downloader.Agent.uj : Error during cleaning.
      [3592] VM_01F20000 -> Downloader.Agent.uj : Error during cleaning.
      [3756] VM_00A00000 -> Downloader.Agent.uj : Error during cleaning.
      [3760] VM_00990000 -> Downloader.Agent.uj : Error during cleaning.
      [3840] VM_00DF0000 -> Downloader.Agent.uj : Error during cleaning.
      [3876] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
      [604] VM_009F0000 -> Downloader.Agent.uj : Error during cleaning.
      [904] VM_034E0000 -> Downloader.Agent.uj : Error during cleaning.
      [932] VM_00C10000 -> Downloader.Agent.uj : Error during cleaning.
      C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
      C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
      C:\Documents and Settings\Karine\Cookies\karine@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\Demelenne Pascal\Cookies\demelenne pascal@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003969.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0003982.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP10\A0004005.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP7\A0003376.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003402.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003419.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003435.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003452.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003474.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP8\A0003499.exe -> Trojan.Small.fb : Cleaned.
      C:\System Volume Information\_restore{49798821-77F8-4402-A9AA-0F6C0860DD0D}\RP9\A0003534.exe -> Trojan.Small.fb : Cleaned.


      ::Report end

      Voici aussi un rapport hjt effectué après:

      Logfile of HijackThis v1.99.1
      Scan saved at 22:47:04, on 29/10/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Acer\eManager\anbmServ.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\MLK\mouse_2k.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
      C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
      C:\Program Files\Logitech\SetPoint\KEM.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
      C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
      C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
      C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
      C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Documents and Settings\Demelenne Pascal\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/sourcesdoc/indexFR.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\MLK\mouse_2k.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
      O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
      O4 - Global Startup: D-Link AirPlus.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2771795A-F326-488D-9F9D-7DB1888AF5F1}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8CB9A8-32B1-41C4-B346-24941EF3A71B}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A66B4545-16F9-46BA-ADB9-D86FFE784ECB}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DD3738-2081-45A2-BDC3-852CE80F8CAF}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C288B38C-1152-48F0-8E68-59B086F29117}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D4033967-DE39-4C66-B4DF-E0D94569F748}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5E3EFF-595A-4C52-B25F-AD1DE82EC949}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\..\{FC349F21-1077-44B8-BF87-06F9448EC62E}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
      O17 - HKLM\System\CS1\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
      O17 - HKLM\System\CS2\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

      Si tu pouvais y jeter un coup d'oeil, peut-être pourrais-tu me guider pour la suite...

      Bonnesemaine et à bientôt
      0
    3. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      Mauvaise manip ...

      Voir + bas

      ;-)
      0
  4. Chris
     
    Pardon, j'utilise windows XP pas NT, le clavier a fourché.
    1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. d0ne Messages postés 1019 Statut Membre 73
     
    va dans norton et supprime tout ce qui se trouve dans quarantaine. fais attention de pas restaurer les elements dans ton systeme.

    0
    1. Pascal
       
      Tiens, c'est étrange, j'ai déjà posté une réponse mais elle n'apparaît nulle part.

      Tant pis, je reprends.

      J'ai suivi tes instructions concernant la restauration mais ewido n'a quand même pas pu supprimer le malware détecté.

      En ce qui concerne Norton, j'ai tout effacé grâce au lien que tu l'avais conseillé dans ta première réponse.

      Le virus est toujours là et je suis un peu désespéré...

      Si tu as d'autres pistes, je suis preneur!

      Merci et à bientôt
      0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.
    ----------------------------------------------------------------------------
    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

    A+
    0
    1. Pascal
       
      Merci pour ton aide précieuse!

      Voici le rapport 1

      SmitFraudFix v2.117

      Rapport fait à 12:36:19,21, jeu. 02/11/2006
      Executé à partir de C:\Documents and Settings\Demelenne Pascal\Bureau\Smitfraudfix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demelenne Pascal


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demelenne Pascal\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DEMELE~1\FAVORIS


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7199.jpg"
      "SubscribedURL"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7199.jpg"
      "FriendlyName"=""

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7371.0.jpg"
      "SubscribedURL"="http://photos1.blogger.com/blogger/2746/2197/1600/IMG_7371.0.jpg"
      "FriendlyName"=""
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"

      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
      1. Pascal > Pascal
         
        Voici le rapport 2

        SmitFraudFix v2.117

        Rapport fait à 12:50:34,11, jeu. 02/11/2006
        Executé à partir de C:\Documents and Settings\Demelenne Pascal\Bureau\Smitfraudfix
        OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
        Fix executé en mode sans echec

        »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


        »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


        »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

        Nettoyage terminé.

        »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» Fin
        0
      2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430 > Pascal
         
        slt,

        Redémarre en mode normal

        Télécharge le FixWareout sur le bureau:
        https://www.bleepingcomputer.com/download/linux/

        Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
        Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

        Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

        O17 - HKLM\System\CCS\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{2771795A-F326-488D-9F9D-7DB1888AF5F1}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{2C8CB9A8-32B1-41C4-B346-24941EF3A71B}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A66B4545-16F9-46BA-ADB9-D86FFE784ECB}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{B0DD3738-2081-45A2-BDC3-852CE80F8CAF}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{C288B38C-1152-48F0-8E68-59B086F29117}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{D4033967-DE39-4C66-B4DF-E0D94569F748}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5E3EFF-595A-4C52-B25F-AD1DE82EC949}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\..\{FC349F21-1077-44B8-BF87-06F9448EC62E}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
        O17 - HKLM\System\CS1\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
        O17 - HKLM\System\CS2\Services\Tcpip\..\{063FB18A-0CE0-4D0C-BBBE-ED2B96B2A637}: NameServer = 85.255.114.66,85.255.112.130
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130


        Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

        A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

        Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

        a+
        0
      3. Pascal > Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention  
         
        Excellent, on dirait qu'on avance!

        Voici le rapport fixwareout:


        Fixwareout ver 1.003
        Last edited 8/11/2006
        Post this report in the forums please

        Reg Entries that were deleted
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A77FD052A62D-848B-BEA4-5C01-E4E1F057{
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}70D9C3052B7D-C32A-64E4-DD45-427AFA12{
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\alwmd
        ...

        Microsoft (R) Windows Script Host Version 5.6
        Random Runs removed from HKLM
        "dmwla.exe"=-
        ...

        PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

        »»»»» Searching by size/names...

        »»»»»
        Search five digit cs, dm and jb files.
        This WILL/CAN also list Legit Files, Submit them at Virustotal
        C:\WINDOWS\SYSTEM32\CSEIL.EXE 51.754 2006-10-12
        C:\WINDOWS\SYSTEM32\DMWLA.EXE 60.998 2004-08-20

        Other suspects.
        Directory of C:\WINDOWS\system32

        »»»»» Misc files.

        »»»»» Checking for older varients covered by the Rem3 tool.

        et le dernier hjt

        Logfile of HijackThis v1.99.1
        Scan saved at 13:29:55, on 2/11/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Acer\eManager\anbmServ.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\ewido anti-spyware 4.0\guard.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\Program Files\Logitech\Video\LogiTray.exe
        C:\Program Files\Logitech\Video\FxSvr2.exe
        C:\Program Files\MLK\mouse_2k.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
        C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
        C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
        C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
        C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
        C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
        C:\Program Files\Logitech\SetPoint\KEM.exe
        C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
        C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
        C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
        C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
        C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
        C:\Documents and Settings\Demelenne Pascal\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe

        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
        O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
        O4 - HKLM\..\Run: [LaunchApp] Alaunch
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\MLK\mouse_2k.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
        O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
        O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
        O4 - Global Startup: D-Link AirPlus.lnk = ?
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

        Tu crois que c'est bon?

        Merci 1000x
        0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    salut

    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :

    C:\WINDOWS\SYSTEM32\CSEIL.EXE

    et

    C:\WINDOWS\SYSTEM32\DMWLA.EXE

    Clik send et colle les rapports stp

    A+
    0
    1. pascal
       
      Comment faire pour exporter le rapport de Virustotal? Je ne vois pas...
      0
    2. Pascal
       
      Voilà le premier

      VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.


      Select file : DistributeSSL

      Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
      News Hot news in the virus/antivirus sector.
      Estadisticas Statistics of VirusTotal procesing.
      Virustotal More info about Virustotal.


      STATUS: FINISHEDComplete scanning result of "cseil.exe", received in VirusTotal at 11.02.2006, 15:43:48 (CET).

      Antivirus Version Update Result
      AntiVir 7.2.0.37 11.02.2006 no virus found
      Authentium 4.93.8 11.02.2006 could be a corrupted executable file
      Avast 4.7.892.0 11.02.2006 no virus found
      AVG 386 11.02.2006 no virus found
      BitDefender 7.2 11.01.2006 MemScan:Trojan.Downloader.Mohbpork.A
      CAT-QuickHeal 8.00 11.02.2006 (Suspicious) - DNAScan
      ClamAV devel-20060426 11.02.2006 no virus found
      DrWeb 4.33 11.02.2006 Trojan.DnsChange
      eTrust-InoculateIT 23.73.43 11.02.2006 no virus found
      eTrust-Vet 30.3.3174 11.02.2006 Win32/Alureon!generic
      Ewido 4.0 11.02.2006 Downloader.Agent.uj
      Fortinet 2.82.0.0 11.02.2006 suspicious
      F-Prot 3.16f 11.01.2006 no virus found
      F-Prot4 4.2.1.29 11.02.2006 W32/new-malware!Maximus
      Ikarus 0.2.65.0 11.02.2006 no virus found
      Kaspersky 4.0.2.24 11.02.2006 no virus found
      McAfee 4886 11.01.2006 Spy-Agent.bc
      Microsoft 1.1609 11.02.2006 no virus found
      NOD32v2 1.1849 11.02.2006 a variant of Win32/Small.FB
      Norman 5.80.02 11.02.2006 no virus found
      Panda 9.0.0.4 11.02.2006 no virus found
      Sophos 4.10.0 10.26.2006 no virus found
      TheHacker 6.0.1.111 11.02.2006 no virus found
      UNA 1.83 11.01.2006 no virus found
      VBA32 3.11.1 11.01.2006 suspected of Trojan-Downloader.Agent.32
      VirusBuster 4.3.15:9 11.02.2006 no virus found


      Aditional Information
      File size: 51754 bytes
      MD5: b625f3c19d3fcc89a0a39b30c43d12bc
      SHA1: 093f8fa0ed903930cd15696cde1ef74875239c80
      packers: PECRYPT

      VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
      > Ir a: Inicio Contactar En Español
      --------------------------------------------------------------------------------
      www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info@virustotal.com


      Et le second

      VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.


      Select file : DistributeSSL

      Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
      News Hot news in the virus/antivirus sector.
      Estadisticas Statistics of VirusTotal procesing.
      Virustotal More info about Virustotal.


      STATUS: FINISHEDComplete scanning result of "dmwla.exe", received in VirusTotal at 11.02.2006, 15:47:10 (CET).

      Antivirus Version Update Result
      AntiVir 7.2.0.37 11.02.2006 no virus found
      Authentium 4.93.8 11.02.2006 could be a corrupted executable file
      Avast 4.7.892.0 11.02.2006 no virus found
      AVG 386 11.02.2006 no virus found
      BitDefender 7.2 11.01.2006 MemScan:Trojan.Downloader.Mohbpork.B
      CAT-QuickHeal 8.00 11.02.2006 (Suspicious) - DNAScan
      ClamAV devel-20060426 11.02.2006 no virus found
      DrWeb 4.33 11.02.2006 Trojan.DnsChange
      eTrust-InoculateIT 23.73.43 11.02.2006 no virus found
      eTrust-Vet 30.3.3174 11.02.2006 Win32/Alureon!generic
      Ewido 4.0 11.02.2006 Trojan.Small.fb
      Fortinet 2.82.0.0 11.02.2006 suspicious
      F-Prot 3.16f 11.01.2006 Possibly a new variant of W32/new-malware!Maximus
      F-Prot4 4.2.1.29 11.02.2006 W32/new-malware!Maximus
      Ikarus 0.2.65.0 11.02.2006 no virus found
      Kaspersky 4.0.2.24 11.02.2006 no virus found
      McAfee 4886 11.01.2006 no virus found
      Microsoft 1.1609 11.02.2006 no virus found
      NOD32v2 1.1849 11.02.2006 a variant of Win32/Small.FB
      Norman 5.80.02 11.02.2006 no virus found
      Panda 9.0.0.4 11.02.2006 Trj/Ruins.DP
      Sophos 4.10.0 10.26.2006 no virus found
      TheHacker 6.0.1.111 11.02.2006 no virus found
      UNA 1.83 11.01.2006 no virus found
      VBA32 3.11.1 11.01.2006 suspected of Malware.Agent.11
      VirusBuster 4.3.15:9 11.02.2006 no virus found


      Aditional Information
      File size: 60998 bytes
      MD5: 2b8f7b95024f91bb0d4cc81ad3afe21a
      SHA1: 0bdc6aeef3a677d0dafc9c0bce7c7ee36a24f42b
      packers: PECRYPT

      VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
      > Ir a: Inicio Contactar En Español
      --------------------------------------------------------------------------------
      www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info@virustotal.com


      Merci!
      0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ah super, je me disais que tu nous avais oublié !

    Merci du compliment et bravo a seb

    Bon dimanche
    0
  10. Chris
     
    Bonjour,

    j'ai le même problème depuis 2 jours.

    Mais les fichiers indiqués à rechercher n'existent pas sur mon pc (Windows NT).

    De plus, Avast ne reconnait pas de virus ou de trojan et Spybot a soit disant corrigé les problèmes rencontrés, mais ils perdurent !...

    Avez-vous une solution ?
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Tu selectionnes tout et tu fais copier coller ici

    a+
    -1
  12. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    Supprime les maintenant, ils sont infectés:

    C:\WINDOWS\SYSTEM32\CSEIL.EXE
    C:\WINDOWS\SYSTEM32\DMWLA.EXE

    A+
    -1
    1. pascal
       
      je les supprime manuellement en passant par l'explorateur et je vide la corbeille?
      0
  13. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    Oui, tu passes par :
    demarer < poste de travail < c < windows < systeme32 et tu les supprimes puis tu vides la corbeille.
    Si tu rencontre des soucis, dis le, on fera autrement.

    A+
    -1
    1. Pascal
       
      Oups... j'ai oublié de vous donner de mes nouvelles. Tous mes problèmes sont résolus. Je tiens à remercier vivement tous les helpers, c'est vraiment du travail de pro!

      Bonne continuation
      0
  14. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    de rien content pour toi :-)

    Bon surf.

    -1
  15. d0ne Messages postés 1019 Statut Membre 73
     
    desactive et reactive ta restauration systeme

    fais comme suit

    appuie sur les touches suivantes ( en meme temps )

    la touche windows ( a coté de ALT ) + sur PAUSE ( au dessus des fleches si tu as un ordi de bureau ( pour un pc portable cherche sur ton clavier lol )

    normalement une fenetre s'ouvre et la tu clique sur l'onglet restauration systeme. tu coche desactiver la resaturation systeme puis tu recoche ( lorsque tu va decocher il se peut que tu es l'impression que sa ne reponde plus mais attend un peu et sa redeviendra normal; car le systeme supprime les points de restauration )

    ensuite refais un scan ewido pour voir s'il te retrouve tes trojans et vire ce qu'il trouve
    -2