Trojan.zlob.gen indestructible!
Solved
angelid
Hello.
This problem has been a headache for 2 days, despite Kaspersky Online, CCleaner, BitDefender, Ewido, HijackThis, Spybot :(
Impossible to delete this thing, please help me.
PC config:
Computer
Operating system: Microsoft Windows XP Home Edition
System service pack: Service Pack 2
Internet Explorer: 6.0.2900.2180
Motherboard
Processor type: Unknown, 3066 MHz (5.75 x 533)
Motherboard name: Unknown
Motherboard chipset: SiS 661FX
System memory: 384 MB
BIOS type: Award (05/26/06)
Monitor
Video card: SiS 661FX/GX Mirage Graphics (128 MB)
3D accelerator: SiS 6330
Monitor: Plug-and-Play Monitor [NoDB] (BZ 315634)
Multimedia
Sound card: SiS 7012 Audio Device
Partitions
C: (NTFS) 149346 MB (121581 MB free)
Here is a HijackThis report.
Logfile of HijackThis v1.99.1
Scan saved at 18:14:08, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
And here is the Kaspersky Online report:
KASPERSKY ONLINE SCANNER REPORT
Friday, November 10, 2006 11:25:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/11/2006
Kaspersky Anti-Virus database records: 226086
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 42175
Number of viruses found 1
Number of infected objects 19 / 0
Number of suspicious objects 0
Duration of the scan process 00:47:27
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\angie\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped
C:\Documents and Settings\angie\Bureau\cr-bd90e.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\Documents and Settings\angie\Bureau\cr-bd90e.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\Documents and Settings\angie\Bureau\cr-bd90e.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\Documents and Settings\angie\Bureau\cr-bd90e.exe ZIP: infected - 3 skipped
C:\Documents and Settings\angie\Bureau\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\Documents and Settings\angie\Bureau\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\Documents and Settings\angie\Bureau\run.exe NSIS: infected - 2 skipped
C:\Documents and Settings\angie\Bureau\run.exe UPX: infected - 2 skipped
C:\Documents and Settings\angie\Bureau\run.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\angie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\angie\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\angie\Local Settings\Historique\History.IE5\MSHist012006111020061111\index.dat Object is locked skipped
C:\Documents and Settings\angie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\angie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\angie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Fichiers communs\AOL\ACS\FR\forms.fdb Object is locked skipped
C:\Program Files\Fichiers communs\AOL\ACS\FR\static Object is locked skipped
C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0007652.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0007652.exe/stream Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0007652.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0007652.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0007652.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP76\A0008259.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP76\A0008259.exe/stream Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP76\A0008259.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP76\A0008259.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP76\A0008259.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP76\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CE99DE0F-3E38-467C-B24C-0138F709D4E1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp0000021f\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Thanks in advance :) see you
2 replies
Hop, here I am again. After switching on my blonde brain, everything works :)
Disabled System Restore > deleted the virus > new scan with BitDefender > re-enabled System Restore > reboot > new scan with BitDefender > victory, there is nothing left.
Thank you for reading my previous post.
Kind regards :)
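Added example, not part of the original posts: a Python triage of the Kaspersky report lines posted above, collapsing the per-layer detections onto the files that exist on disk and separating live files from copies held in System Restore snapshots. Windows protects the `_restore` folders, so the scanner cannot clean those copies, and turning System Restore off deletes the restore points. The names `parse` and `triage` are hypothetical, and the "path, verdict, last action" layout is assumed from the lines in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky Online Scanner lines posted in this thread.
REPORT = r"""
C:\Documents and Settings\angie\Bureau\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\Documents and Settings\angie\Bureau\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\Documents and Settings\angie\Bureau\run.exe NSIS: infected - 2 skipped
C:\Documents and Settings\angie\Bureau\run.exe UPX: infected - 2 skipped
C:\Documents and Settings\angie\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0007652.exe/stream Infected: Trojan-Downloader.Win32.Zlob.avi skipped
C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0007652.exe UPX: infected - 2 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Layout assumed from the thread: "<path> <verdict> <last action>".
# Objects nested inside a container are appended to the file path with "/".
LINE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Object is locked|Infected: (?P<name>\S+)|\S+: infected - \d+) "
    r"(?P<action>\S+)$"
)
RESTORE_MARKER = "\\system volume information\\_restore"


def parse(report):
    """Return one dict per report line that matches the assumed layout."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage(report):
    """Collapse per-layer detections onto the files that exist on disk."""
    files = defaultdict(
        lambda: {"entries": 0, "names": set(), "location": "live"}
    )
    locked = 0
    for row in parse(report):
        if row["verdict"] == "Object is locked":
            locked += 1  # file held open by Windows, not a detection
            continue
        # Everything after the first "/" is a layer inside the same file.
        on_disk = row["path"].split("/", 1)[0]
        info = files[on_disk]
        info["entries"] += 1
        if row["name"]:
            info["names"].add(row["name"])
        if RESTORE_MARKER in on_disk.lower():
            info["location"] = "system_restore"
    return {"locked": locked, "files": dict(files)}


if __name__ == "__main__":
    result = triage(REPORT)
    print(f"locked (ignored): {result['locked']}")
    for path, info in result["files"].items():
        print(f"{info['location']:>14}  {info['entries']} entries  {path}")
```

Run over the full report above, the 19 infected entries collapse the same way onto four files: two on the desktop and two inside restore points RP73 and RP76.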
Hello,
Hi friends,
I have a problem with a worm or trojan, zlob.gen something, that is eating up my life and my computer. I can't get rid of it, and I've done all I can with Avast, SpyDoctor and others. I have an icon with a question mark and a white cross on a red background that keeps appearing in the taskbar.
I tried clean, it doesn't work. I ran a scan with Windows Live OneCare. It keeps showing me "system alert" with a warning sign on a yellow background.
I don't know what to do any more, come and help me before I blow a fuse lol. Patricia
My email address: patounette39@hotmail.fr