[VIRUS] Win32:Medbot-AM

Solved
A.D.I.D.A.S. (bablittlebuddha, 5 posts, Member)
Hello,

For a few days now, Avast has been detecting the virus Win32:Medbot-AM on my PC. Whether I delete the infected files or leave them in quarantine, they come back systematically every hour. Files concerned: setup.exe in C:\Documents and Settings\All Users\Documents, then other files related to diagnostic tools I installed by following a procedure found on the Internet (SmitfraudFix, AntiVir). I installed AVG, ran a scan and removed everything it found. I also ran CCleaner. Here is this morning's HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 06:50:25, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\WinAce\WinAce.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

I gathered (from an analysis on hijackthis.de) that the line O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000 was harmful (I never installed that toolbar; it must be an "extra" bundled with another program).

I hope this will let you help me. Avast has not detected the virus again since this morning.

Thanks in advance!
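The HijackThis log above is read by hand in the replies that follow. As an added example that is not part of the original thread, here is a small Python triage script that applies the usual first-pass checks to such a log: a proxy set in HKCU, URLs on hosts you have not allow-listed, entries whose target is missing on disk, AppInit_DLLs loads, services with no publisher information, and autostarts that run from user-writable folders. The excerpt it runs on is constructed from the posted log, except for the O4 setup.exe line, which is invented to exercise the user-writable rule; the function and rule names are mine. A flag is a reason to look, not a verdict: the avast! entries, for instance, belong to the poster's own antivirus.

```python
"""Triage helper for HijackThis 1.99-style logs.

Parses the R/O entries and attaches a list of reasons each one deserves a
second look. The rules are heuristics, not a verdict: every flagged line
still has to be checked against the software actually installed.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed excerpt modelled on the log in the post above. The O4 line for
# setup.exe is invented for illustration; it does not appear in the posted log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [setup] C:\Documents and Settings\All Users\Documents\setup.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://[^\s\"']+")
# Locations an ordinary user can write to: autostarts pointing there are unusual
# for legitimate software and typical for droppers.
USER_WRITABLE_RE = re.compile(
    r"\\Documents and Settings\\|\\Temp\\|\\Application Data\\|\\Local Settings\\", re.I)


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Return one Entry per 'Oxx - ...' / 'Rx - ...' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entries, trusted_hosts=()) -> list:
    """Attach flags to entries and return only the flagged ones."""
    trusted = {h.lower() for h in trusted_hosts}
    for e in entries:
        if e.code == "R1" and "ProxyServer" in e.body:
            e.flags.append("proxy configured in HKCU")
        for url in URL_RE.findall(e.body):
            host = (urlparse(url).hostname or "").lower()
            if host not in trusted:
                e.flags.append(f"external URL: {host}")
        if "(file missing)" in e.body:
            e.flags.append("target missing on disk")
        if e.code == "O20" and e.body.startswith("AppInit_DLLs"):
            e.flags.append("DLL loaded into every process that uses user32")
        if e.code == "O23" and "Unknown owner" in e.body:
            e.flags.append("service with no publisher information")
        if e.code == "O4" and USER_WRITABLE_RE.search(e.body):
            e.flags.append("autostart from user-writable folder")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG), trusted_hosts=["www.bitdefender.fr"]):
        print(f"{e.code}: {', '.join(e.flags)}\n    {e.body}")
```

The allow-list is deliberately empty by default, so every remote URL is surfaced until you decide which scanner hosts you trust; on the posted log that leaves the mywebsearch context-menu entry as the only unexplained external host.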

7 replies

bablittlebuddha, 5 posts, Member

Hello again (yes, it's me again, A.D.I.D.A.S.),

here is the AVG log.

---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 08:53:09 05/11/2006

+ Scan result:

:mozilla.20:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.21:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.22:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.23:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.24:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.25:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.172:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.173:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Sab\Cookies\sab@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.123:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.124:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.127:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.128:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.106:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Sab\Cookies\sab@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.19:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Sab\Cookies\sab@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.10:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.11:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.9:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.26:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.181:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.132:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.184:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.65:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.69:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.135:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.136:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.170:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.171:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.31:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.32:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.33:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.34:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.35:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.59:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.60:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.61:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.140:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.70:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.71:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.72:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.73:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.126:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.78:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.80:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.81:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Weborama : No action taken.

End of report

I ran CCleaner again; everything seems normal, but I'd like confirmation from you...
^^Marie^^, 41884 posts, Member

Hi

"No action taken." You need to redo it, following the tutorial carefully...

Do the following as well
Thanks
E - Online scan with BitDefender (works only under Internet Explorer, with the ActiveX control accepted)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
http://www.bitdefender.fr/scan8/ie.html
Copy/PASTE the entire report

bablittlebuddha, 5 posts, Member

Hi Marie,

Indeed, I had not deleted the offending cookies (I'm redoing it).

I can't run the BitDefender scan (even under IE with ActiveX controls accepted): I get the following message: "This website is not authorized to host this ActiveX control". ???

Otherwise, here is the SmitFraudFix scan:

SmitFraudFix v2.119

Report made at 9:28:03,63, 05/11/2006
Run from C:\Documents and Settings\Sab\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sab

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sab\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SAB\FAVORIS

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop items

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
bablittlebuddha, 5 posts, Member

Again. The virus came back. Detected by Avast, put in quarantine. I notice that an autorun file keeps reappearing in the folder C:\Documents and Settings\All Users\Documents (I had deleted it). It contains:
[autorun]
open=setup.exe
icon=setup.exe,0

In your opinion, how can I remove it for good?
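The three-line autorun.inf quoted above is the dropper's launch stub. The Python script below is an added example, not part of the original thread or of any tool named in it: it parses an autorun.inf the way a triage script would, pulls out every directive that can start a program (open=, shellexecute=, and each shell\<verb>\command=), resolves the target against a folder you supply, and notes the disguises worm-style files use. Only the first sample file comes from the post; the second sample, the function names and the rule wording are my own constructions. One caveat worth knowing: Windows reads autorun.inf only from the root of a volume, so a copy in All Users\Documents cannot fire on its own. What it does tell you is which binary to hunt for, here C:\Documents and Settings\All Users\Documents\setup.exe, the same file Avast keeps flagging.

```python
"""Parse an autorun.inf and report every command it asks Windows to run.

Windows honours autorun.inf only at the root of a volume (CD/DVD, USB stick,
or a fixed drive with AutoRun enabled). A copy in a sub-folder cannot fire by
itself, but it still names the dropper's payload, which is what to look for.
"""
import configparser
import ntpath

# The file quoted in the post above.
SAMPLE_FROM_POST = r"""[autorun]
open=setup.exe
icon=setup.exe,0
"""

# Constructed sample, not from the post: the layout USB worms used to hijack
# the drive's double-click and "explore" actions while looking like a folder.
SAMPLE_WORM_STYLE = r"""[AutoRun]
open=RECYCLER\S-1-5-21-0-0-0-1000\setup.exe
shellexecute=RECYCLER\S-1-5-21-0-0-0-1000\setup.exe
shell\Open\command=RECYCLER\S-1-5-21-0-0-0-1000\setup.exe
shell\explore\command=RECYCLER\S-1-5-21-0-0-0-1000\setup.exe
shell=Open
action=Open folder to view files
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys ({} if absent)."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cfg.read_string(text)
    for name in cfg.sections():
        if name.lower() == "autorun":
            return {k.lower(): v.strip() for k, v in cfg.items(name)}
    return {}


def launch_commands(directives):
    """(directive, command) pairs for open=, shellexecute= and every shell\\<verb>\\command=."""
    cmds = [(k, directives[k]) for k in ("open", "shellexecute") if k in directives]
    for key, value in directives.items():
        parts = key.split("\\")
        if len(parts) == 3 and parts[0] == "shell" and parts[2] == "command":
            cmds.append((key, value))
    return cmds


def executable_of(command):
    """First token of a Windows command line (quoted path, or up to the first space)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def assess(text, root):
    """Resolve each launch target against `root` and record why it looks malicious."""
    d = parse_autorun(text)
    default_verb = d.get("shell", "").lower()
    report = {"commands": [], "notes": []}
    for directive, command in launch_commands(d):
        exe = executable_of(command)
        target = exe if ntpath.isabs(exe) or exe.startswith("%") else ntpath.join(root, exe)
        reasons = []
        if default_verb and directive == f"shell\\{default_verb}\\command":
            reasons.append("double-clicking the drive is redirected to this command")
        if "recycler" in exe.lower() or "$recycle.bin" in exe.lower():
            reasons.append("payload hidden inside a recycle-bin folder")
        report["commands"].append(
            {"directive": directive, "command": command, "target": target, "reasons": reasons})
    if d.get("action", "").lower().startswith("open folder"):
        report["notes"].append("AutoPlay label imitates Explorer's own 'Open folder' entry")
    if "shell32.dll" in d.get("icon", "").lower():
        report["notes"].append("icon borrowed from SHELL32.dll so the drive looks like a plain folder")
    return report


if __name__ == "__main__":
    for label, text, root in (
        ("post", SAMPLE_FROM_POST, r"C:\Documents and Settings\All Users\Documents"),
        ("worm-style", SAMPLE_WORM_STYLE, "E:\\"),
    ):
        rep = assess(text, root)
        print(f"== {label}")
        for c in rep["commands"]:
            print(f"  {c['directive']:<22} -> {c['target']}  {'; '.join(c['reasons'])}")
        for n in rep["notes"]:
            print(f"  note: {n}")
```

The file from the post produces a single target and no disguise notes, which is consistent with a dropper that simply re-creates its stub next to setup.exe; deleting the .inf alone does nothing, since whatever is rewriting it every hour is the process to find.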

^^Marie^^, 41884 posts, Member

Hi

Yes, that line is bad; it needs to be removed

Relaunch HijackThis, choose "Do a scan only", tick the box in front of the lines below and click "Fix checked" at the bottom

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000

Check in Add/Remove Programs whether you have "MyWebSearch"
If so, remove it

See you
bablittlebuddha, 5 posts, Member

I fixed the line in question; here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:11:00, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

I also ran a scan with AntiVir; it found 5 unwanted programs. Here is the log:

AntiVir PersonalEdition Classic
Report file date: dimanche 5 novembre 2006 10:08

Scanning for 546033 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Sab
Computer name: SABINE

Version information:
AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 11:06:58
AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 11:56:34
LUKE.DLL : 7.0.0.47 118824 07/09/2006 11:32:34
LUKERES.DLL : 7.0.0.47 9256 07/09/2006 11:56:34
ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 11:35:28
ANTIVIR1.VDF : 6.36.0.228 2062336 02/11/2006 09:04:46
ANTIVIR2.VDF : 6.36.0.229 2048 02/11/2006 09:04:46
ANTIVIR3.VDF : 6.36.0.236 56832 03/11/2006 09:04:46
AVEWIN32.DLL : 7.2.0.37 1901056 05/11/2006 09:04:46
AVPREF.DLL : 7.0.0.2 23592 24/07/2006 13:36:06
AVREP.DLL : 6.36.0.144 876584 05/11/2006 09:04:46
AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 09:43:32
AVPACK32.DLL : 7.2.0.5 368680 05/11/2006 09:04:46
AVREG.DLL : 6.31.0.90 27688 28/07/2005 11:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 08:56:50
NETNW.DLL : 7.0.0.0 9768 24/07/2006 13:35:56
RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 12:22:58
RCTEXT.DLL : 7.0.1.4 77864 05/11/2006 09:04:42

Configuration settings for the scan:
Jobname.......................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,D,E,F,G
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: 0
Primary action................: 1
Secondary action..............: 0

Start of the scan: dimanche 5 novembre 2006 10:08

The scan of running processes will be started
18 Processes were scanned

Start scanning boot sectors:

Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 21 files ).

Starting the file scan:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\_avast4_\Webshlock.txt
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Sab\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Sab\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Sab\Local Settings\Temp\540_zip_dump.mp3
[WARNING] The file could not be opened!
C:\Documents and Settings\Sab\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Sab\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Sab\Local Settings\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cache\633285d9d01
[0] Archive type: ZIP
--> SmitfraudFix/Reboot.exe
[WARNING] The file could not be opened!
--> SmitfraudFix/restart.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\Sab\Local Settings\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cache\0c5f542cd01
[0] Archive type: ZIP
--> SmitfraudFix/Reboot.exe
[WARNING] The file could not be opened!
--> SmitfraudFix/restart.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP560\A0079711.exe
[DETECTION] Contains signature of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '457dc438.qua'!
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP560\A0079712.exe
[DETECTION] Contains signature of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '44f2f5e9.qua'!
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP561\A0080808.exe
[DETECTION] Contains signature of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '457dc43c.qua'!
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP561\A0080809.exe
[DETECTION] Contains signature of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '44f2f5ed.qua'!
D:\Google Desktop Data\68f7117ee9ed\dbeam
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbeao
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbdam
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbdao
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbu2d.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbc2e.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbvmh.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbvm.cf1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\dbm
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\fim1ih.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\fii.cf1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\rpmh.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\rpm.cf1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\rpm1mh.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\rpm1m.cf1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\hpt2i.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\hp
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\fiih.ht1
[WARNING] The file could not be opened!
D:\Google Desktop Data\68f7117ee9ed\fim1i.cf1
[WARNING] The file could not be opened!
The path E:\ could not be found!
Le périphérique n'est pas prêt.

The path F:\ could not be found!
Le périphérique n'est pas prêt.

The path G:\ could not be found!
Le périphérique n'est pas prêt.

End of the scan: dimanche 5 novembre 2006 12:05
Used time: 1:57:44 min

The scan has been done completely.

4916 Scanning directories
267265 Files were scanned
4 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
3226 Archives were scanned
53 Warnings
1 Notes

Can you help me with the autorun file?? Thank you very much for looking into this.
bablittlebuddha Posts: 5 Status: Member

Marie, here is the latest AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:38:41 05/11/2006

+ Résultat de l'analyse:

:mozilla.6:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.31:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.23:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.24:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.25:C:\Documents and Settings\Sab\Application Data\Mozilla\Firefox\Profiles\e1opjpzq.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

Fin du rapport

I think I have understood where my problem came from. A certain program had opened a lot (too many) of ports and so left the way open to all kinds of intrusions... Program uninstalled, ports closed... Problem eradicated!!

Thank you.