Infected PC: viruses and trojans
Solved
sanselmino
Posts
11
Status
Member
-
Regis59 Posts 21143 Registration date Status Security contributor Last activity -
Hello Community,
I have a problem with my PC: after my Norton subscription expired, it picked up viruses and trojans that I can't get rid of despite EWIDO, BITDEFENDER and HIJACK, whose reports you will find below.
What should I do?
Thank you for your help
S.A
sanselmino@free.fr
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:43:33 15/12/2006
+ Scan result:
C:\Program Files\Safety Bar -> Adware.Generic : No action taken.
C:\Program Files\Safety Bar\__delete_on_reboot__S_a_f_e_t_y_B_a_r_._d_l_l_ -> Adware.Generic : No action taken.
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvxky[1].exe -> Adware.Universa : No action taken.
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvyue[1].exe -> Adware.Universa : No action taken.
C:\WINDOWS\Temp\win11C.tmp.exe -> Adware.Universa : No action taken.
C:\WINDOWS\Temp\win1D.tmp.exe -> Adware.Universa : No action taken.
C:\WINDOWS\Temp\win48.tmp.exe -> Adware.Universa : No action taken.
C:\WINDOWS\Temp\win5E.tmp.exe -> Adware.Universa : No action taken.
C:\WINDOWS\system32\vtututu.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_D_7_._t_m_p_._e_x_e_ -> Dialer.Agent.z : No action taken.
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_E_6_._t_m_p_._e_x_e_ -> Dialer.Agent.z : No action taken.
C:\WINDOWS\Temp\idd10C.tmp.exe -> Dialer.Agent.z : No action taken.
C:\WINDOWS\Temp\idd1E.tmp.exe -> Dialer.Agent.z : No action taken.
C:\WINDOWS\Temp\idd4A.tmp.exe -> Dialer.Agent.z : No action taken.
C:\WINDOWS\Temp\idd7E.tmp.exe -> Dialer.Agent.z : No action taken.
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\ERAT6PK3\45aTq2V13X[1].exe -> Downloader.Busky : No action taken.
C:\WINDOWS\Temp\win1B.tmp.exe -> Downloader.Busky : No action taken.
C:\WINDOWS\system32\frsvabb.dll -> Downloader.Busky : No action taken.
C:\__delete_on_reboot__q_l_c_o_j_e_k_._e_x_e_ -> Dropper.Agent.azs : No action taken.
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\ErrorSafeFrenchNewReleaseInstall[1].cab/UERSV_0001_N91S2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\STEPHANE\Cookies\stephane@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.
::Report end
BitDefender Online Scanner
Scan report generated at: Fri, Dec 15, 2006 - 19:37:08
Scan path: A:\;C:\;D:\;E:\;G:\;H:\;I:\;J:\;
Statistics
Time: 03:10:25
Files: 777238
Folders: 7109
Boot Sectors: 2
Archives: 39622
Packed Files: 53777
Results
Identified Viruses: 11
Infected Files: 26
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 23
Engines Info
Virus Definitions: 339236
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\ErrorSafeFrenchNewReleaseInstall[1].cab=>UERSV_0001_N91S2108NetInstaller.exe
Infected with: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\ErrorSafeFrenchNewReleaseInstall[1].cab=>UERSV_0001_N91S2108NetInstaller.exe
Disinfection failed
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\ErrorSafeFrenchNewReleaseInstall[1].cab=>UERSV_0001_N91S2108NetInstaller.exe
Deleted
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\ErrorSafeFrenchNewReleaseInstall[1].cab
Update failed
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\popup[1].php
Detected with: Application.JS.ForcePopup.D
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\popup[1].php
Disinfection failed
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\popup[1].php
Deleted
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\popup[2].php
Detected with: Application.JS.ForcePopup.D
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\popup[2].php
Disinfection failed
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\popup[2].php
Deleted
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvxky[1].exe
Infected with: Trojan.Downloader.Agent.AQG
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvxky[1].exe
Disinfection failed
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvxky[1].exe
Deleted
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvyue[1].exe
Infected with: Trojan.Downloader.Agent.AQG
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvyue[1].exe
Disinfection failed
C:\Documents and Settings\STEPHANE\Local Settings\Temporary Internet Files\Content.IE5\SZCPQF4B\srvyue[1].exe
Deleted
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP206\A0040145.exe
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP206\A0040145.exe
Disinfection failed
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP206\A0040145.exe
Deleted
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040161.exe
Infected with: MemScan:Backdoor.Agent.II
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040161.exe
Disinfection failed
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040161.exe
Deleted
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040162.exe
Infected with: Trojan.Downloader.Agent.MO
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040162.exe
Disinfection failed
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040162.exe
Deleted
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040166.bat
Infected with: Trojan.Zlob.AM
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040166.bat
Disinfection failed
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040166.bat
Deleted
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040174.exe
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040174.exe
Disinfection failed
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040174.exe
Deleted
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040210.exe
Infected with: Trojan.Downloader.Zlob.ABN
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040210.exe
Disinfection failed
C:\System Volume Information\_restore{AF454EF8-DE95-4662-BE7E-790AE8BCB6F4}\RP207\A0040210.exe
Deleted
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe
Infected with: Trojan.Downloader.Winfixer.O
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe
Disinfection failed
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe
Deleted
C:\WINDOWS\system32\drvdox.dll
Infected with: Trojan.FakeAlert.S
C:\WINDOWS\system32\drvdox.dll
Disinfection failed
C:\WINDOWS\system32\drvdox.dll
Deleted
C:\WINDOWS\system32\ismini.exe
Infected with: Trojan.Downloader.Zlob.AES
C:\WINDOWS\system32\ismini.exe
Disinfection failed
C:\WINDOWS\system32\ismini.exe
Deleted
C:\WINDOWS\system32\vtututu.dll
Infected with: Trojan.Virtumod.DF
C:\WINDOWS\system32\vtututu.dll
Disinfection failed
C:\WINDOWS\system32\vtututu.dll
Delete failed
C:\WINDOWS\system32\winzlo32.dll
Infected with: Trojan.Klone.H
C:\WINDOWS\system32\winzlo32.dll
Disinfection failed
C:\WINDOWS\system32\winzlo32.dll
Delete failed
C:\WINDOWS\Temp\idd10C.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\idd10C.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\idd10C.tmp.exe
Deleted
C:\WINDOWS\Temp\idd1E.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\idd1E.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\idd1E.tmp.exe
Deleted
C:\WINDOWS\Temp\idd4A.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\idd4A.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\idd4A.tmp.exe
Deleted
C:\WINDOWS\Temp\win11C.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\win11C.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win11C.tmp.exe
Delete failed
C:\WINDOWS\Temp\win1D.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\win1D.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1D.tmp.exe
Deleted
C:\WINDOWS\Temp\win48.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\win48.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win48.tmp.exe
Deleted
C:\WINDOWS\Temp\win5E.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\win5E.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win5E.tmp.exe
Deleted
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_D_7_._t_m_p_._e_x_e_
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_D_7_._t_m_p_._e_x_e_
Disinfection failed
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_D_7_._t_m_p_._e_x_e_
Deleted
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_E_6_._t_m_p_._e_x_e_
Infected with: Trojan.Downloader.Agent.AQG
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_E_6_._t_m_p_._e_x_e_
Disinfection failed
C:\WINDOWS\Temp\__delete_on_reboot__i_d_d_E_6_._t_m_p_._e_x_e_
Deleted
C:\__delete_on_reboot__q_l_c_o_j_e_k_._e_x_e_
Infected with: MemScan:Backdoor.Agent.II
C:\__delete_on_reboot__q_l_c_o_j_e_k_._e_x_e_
Disinfection failed
C:\__delete_on_reboot__q_l_c_o_j_e_k_._e_x_e_
Deleted
Logfile of HijackThis v1.99.1
Scan saved at 20:08:45, on 15/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\msasvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - C:\WINDOWS\System32\viyjhai.dll
O2 - BHO: (no name) - {9B0C7A02-A17A-4C81-BD7D-30A622701C36} - C:\WINDOWS\System32\vtututu.dll
O2 - BHO: (no name) - {B360F627-D362-448B-99EA-2B28DACA4B4D} - C:\WINDOWS\System32\mlljk.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [thisbiasstupidwarn] C:\Documents and Settings\All Users\Application Data\Bikeboobthisbias\SendNoun.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvdox.dll,startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\frsvabb.dll,mhomdtd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Team Jump] C:\DOCUME~1\STEPHANE\APPLIC~1\PARTDE~1\HoleCool.exe
O4 - HKCU\..\Run: [Whp] C:\Program Files\?icrosoft\n?tepad.exe
O4 - HKCU\..\Run: [Cccs] "C:\PROGRA~1\COMMON~1\RACLE~1\msiexec.exe" -vt ndrv
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: mlljk - C:\WINDOWS\System32\mlljk.dll
O20 - Winlogon Notify: vtututu - C:\WINDOWS\SYSTEM32\vtututu.dll
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - C:\WINDOWS\System32\viyjhai.dll
O2 - BHO: (no name) - {9B0C7A02-A17A-4C81-BD7D-30A622701C36} - C:\WINDOWS\System32\vtututu.dll
O2 - BHO: (no name) - {B360F627-D362-448B-99EA-2B28DACA4B4D} - C:\WINDOWS\System32\mlljk.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [thisbiasstupidwarn] C:\Documents and Settings\All Users\Application Data\Bikeboobthisbias\SendNoun.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvdox.dll,startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\frsvabb.dll,mhomdtd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Team Jump] C:\DOCUME~1\STEPHANE\APPLIC~1\PARTDE~1\HoleCool.exe
O4 - HKCU\..\Run: [Whp] C:\Program Files\?icrosoft\n?tepad.exe
O4 - HKCU\..\Run: [Cccs] "C:\PROGRA~1\COMMON~1\RACLE~1\msiexec.exe" -vt ndrv
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: mlljk - C:\WINDOWS\System32\mlljk.dll
O20 - Winlogon Notify: vtututu - C:\WINDOWS\SYSTEM32\vtututu.dll
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe
3 replies
Hi,
Download this (thanks to S!RI for this program):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Run it, double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy and paste it into the thread, please.
See you
Good evening
Yes, a bit, you are heavily infected.
Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to the safe mode boot option, then press Enter.
Once you are on the desktop, if not all the colors and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again.
This time choose option 2 and answer yes to everything.
Save the report, reboot in normal mode, and copy and paste the saved report to the forum.
See you
And thanks for your quick response. Here is the scan report, as requested... tell me, is it serious, doctor?
SmitFraudFix v2.130
Rapport fait à 21:59:45,71, 15/12/2006
Executé à partir de C:\Program Files\Fichiers communs\mozilla.org\GRE\1.7.3_2004091008\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\issearch.exe PRESENT !
C:\WINDOWS\system32\olnohdw.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\STEPHANE
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\STEPHANE\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STEPHANE\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Safety Bar\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"
[HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\System32\olnohdw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\System32\olnohdw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
pe386 détecté, utilisez un scanner de Rootkit
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin