24 files infectées par trojan

abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention   -  
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention   -
bonjour, pouvez vous m'apporter votre aide pour mon ordinateur qui devient de plus en plus lent; j'ai utilisé la methode préliminaire de désinfection et vous envoe les rapports de Bitdefender et d'Hijackthis.merci


BitDefender Online Scanner







Scan report generated at: Sun, Feb 25, 2007 - 16:56:21









Scan path: C:\;D:\;E:\;F:\;G:\;















Statistics

Time


00:51:18

Files


240742

Folders


4581

Boot Sectors


8

Archives


1827

Packed Files


23598







Results

Identified Viruses


10

Infected Files


24

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


20







Engines Info

Virus Definitions


393458

Engine build


AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

E:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CRGHY1M1\winz[1].exx


Infected with: MemScan:Trojan.Vundo.AD

E:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CRGHY1M1\winz[1].exx


Disinfection failed

E:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CRGHY1M1\winz[1].exx


Deleted

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP170\A0045579.dll


Infected with: Trojan.Virtumod.EB

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP170\A0045579.dll


Disinfection failed

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP170\A0045579.dll


Deleted

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP170\A0045580.exe


Infected with: Trojan.Agent.ACL

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP170\A0045580.exe


Disinfection failed

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP170\A0045580.exe


Deleted

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP97\S0023705.Acl


Infected with: Win32.MyPics.A@mm

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP97\S0023705.Acl


Disinfection failed

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP97\S0023705.Acl


Deleted

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)=>lzma_nsis0000


Infected with: Trojan.Zlob.JY

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)=>lzma_nsis0000


Disinfection failed

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)=>lzma_nsis0000


Deleted

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)


Update failed

E:\WINDOWS\system32\bjofpdfu.exe


Infected with: Trojan.Agent.ACL

E:\WINDOWS\system32\bjofpdfu.exe


Disinfection failed

E:\WINDOWS\system32\bjofpdfu.exe


Deleted

E:\WINDOWS\system32\cgrxdoox.dll


Infected with: Trojan.Virtumod.EB

E:\WINDOWS\system32\cgrxdoox.dll


Disinfection failed

E:\WINDOWS\system32\cgrxdoox.dll


Deleted

E:\WINDOWS\system32\gebca.dll


Infected with: MemScan:Trojan.Vundo.AF

E:\WINDOWS\system32\gebca.dll


Disinfection failed

E:\WINDOWS\system32\gebca.dll


Delete failed

E:\WINDOWS\system32\htfiukvn.dll


Infected with: Trojan.Spy.VBStat.B

E:\WINDOWS\system32\htfiukvn.dll


Deleted

E:\WINDOWS\system32\iifcdbx.dll


Infected with: Trojan.Vundo.AD

E:\WINDOWS\system32\iifcdbx.dll


Disinfection failed

E:\WINDOWS\system32\iifcdbx.dll


Deleted

E:\WINDOWS\system32\iskekbcs.dll


Infected with: Trojan.Virtumod.EB

E:\WINDOWS\system32\iskekbcs.dll


Disinfection failed

E:\WINDOWS\system32\iskekbcs.dll


Deleted

E:\WINDOWS\system32\jcxdmrgr.exe


Infected with: Trojan.Agent.ACL

E:\WINDOWS\system32\jcxdmrgr.exe


Disinfection failed

E:\WINDOWS\system32\jcxdmrgr.exe


Deleted

E:\WINDOWS\system32\jeiugltc.exe


Infected with: Trojan.Agent.ACL

E:\WINDOWS\system32\jeiugltc.exe


Disinfection failed

E:\WINDOWS\system32\jeiugltc.exe


Deleted

E:\WINDOWS\system32\jkkhfge.dll


Infected with: Trojan.Vundo.AD

E:\WINDOWS\system32\jkkhfge.dll


Disinfection failed

E:\WINDOWS\system32\jkkhfge.dll


Deleted

E:\WINDOWS\system32\khfcyxv.dll


Infected with: Trojan.Vundo.AD

E:\WINDOWS\system32\khfcyxv.dll


Disinfection failed

E:\WINDOWS\system32\khfcyxv.dll


Delete failed

E:\WINDOWS\system32\khfdaxv.dll


Infected with: Trojan.Vundo.AD

E:\WINDOWS\system32\khfdaxv.dll


Disinfection failed

E:\WINDOWS\system32\khfdaxv.dll


Deleted

E:\WINDOWS\system32\oswyjquq.exe


Infected with: Trojan.Agent.ACL

E:\WINDOWS\system32\oswyjquq.exe


Disinfection failed

E:\WINDOWS\system32\oswyjquq.exe


Deleted

E:\WINDOWS\system32\pjgrxixk.dll


Infected with: Trojan.Virtumod.EB

E:\WINDOWS\system32\pjgrxixk.dll


Disinfection failed

E:\WINDOWS\system32\pjgrxixk.dll


Deleted

E:\WINDOWS\system32\rhdsfsox.dll


Infected with: Trojan.Virtumod.EB

E:\WINDOWS\system32\rhdsfsox.dll


Disinfection failed

E:\WINDOWS\system32\rhdsfsox.dll


Deleted

E:\WINDOWS\system32\urqqonl.dll


Infected with: Trojan.Vundo.AD

E:\WINDOWS\system32\urqqonl.dll


Disinfection failed

E:\WINDOWS\system32\urqqonl.dll


Deleted

E:\WINDOWS\system32\vrvwhptc.dll


Infected with: Trojan.Virtumod.EB

E:\WINDOWS\system32\vrvwhptc.dll


Disinfection failed

E:\WINDOWS\system32\vrvwhptc.dll


Deleted

E:\WINDOWS\system32\vugcopyj.exe


Infected with: Trojan.Agent.ACL

E:\WINDOWS\system32\vugcopyj.exe


Disinfection failed

E:\WINDOWS\system32\vugcopyj.exe


Deleted

E:\WINDOWS\system32\wbvxqsfg.dll


Infected with: Trojan.Juan.F

E:\WINDOWS\system32\wbvxqsfg.dll


Disinfection failed

E:\WINDOWS\system32\wbvxqsfg.dll


Delete failed

E:\WINDOWS\system32\winsystems16.exe


Infected with: DeepScan:Generic.Malware.G!SI!!FLWX!!YBdg.8F7FE4FA

E:\WINDOWS\system32\winsystems16.exe


Disinfection failed

E:\WINDOWS\system32\winsystems16.exe


Delete failed

Logfile of HijackThis v1.99.1
Scan saved at 17:20:58, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\VTTimer.exe
E:\WINDOWS\system32\VTtrayp.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
E:\WINDOWS\system32\winsystems16.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\outils\HidjackThis\Hijackthis Version Française\VERSION TRADUITE
ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {340216DF-9CA8-4CB0-B920-274CFA04D509} -
E:\WINDOWS\system32\gebca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} -
E:\WINDOWS\system32\khfcyxv.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} -
E:\WINDOWS\system32\wbvxqsfg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBLive 24-Bit
External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program
Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "E:\Program Files\Fichiers
communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "E:\Program Files\ABBYY
FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe"
--force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk =
E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program
Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: gebca - E:\WINDOWS\system32\gebca.dll
O20 - Winlogon Notify: khfcyxv - E:\WINDOWS\SYSTEM32\khfcyxv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - E:\Program Files\Fichiers
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe






















A voir également:

6 réponses

Réponse 1 / 6
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonsoir,

* Télécharge VundoFix.exe (par Atribune) sur ton Bureau

http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer

* Clique sur le bouton Scan for Vundo

* Lorsque le scan est complété, clique sur le bouton Remove Vundo

* Une invite te demandera si tu veux supprimer les fichiers, clique YES

* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse


Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

0
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention  
 
merci de ton aide double
voici les deux rapports

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 18:16:21 26/02/2007

Listing files found while scanning....

E:\WINDOWS\system32\acbeg.ini
E:\WINDOWS\system32\acbeg.ini2
E:\WINDOWS\system32\acbeg.tmp
E:\WINDOWS\system32\gebca.dll
E:\WINDOWS\system32\khfcyxv.dll
E:\WINDOWS\system32\wbvxqsfg.dll

Beginning removal...

Attempting to delete E:\WINDOWS\system32\acbeg.ini
E:\WINDOWS\system32\acbeg.ini Has been deleted!

Attempting to delete E:\WINDOWS\system32\acbeg.ini2
E:\WINDOWS\system32\acbeg.ini2 Has been deleted!

Attempting to delete E:\WINDOWS\system32\acbeg.tmp
E:\WINDOWS\system32\acbeg.tmp Has been deleted!

Attempting to delete E:\WINDOWS\system32\gebca.dll
E:\WINDOWS\system32\gebca.dll Has been deleted!

Attempting to delete E:\WINDOWS\system32\khfcyxv.dll
E:\WINDOWS\system32\khfcyxv.dll Has been deleted!

Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 18:37:29, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\VTTimer.exe
E:\WINDOWS\system32\VTtrayp.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
E:\WINDOWS\system32\winsystems16.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\outils\HidjackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {96548CBB-EE60-48B2-AC16-77AA723D1703} - E:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - E:\WINDOWS\system32\khfcyxv.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - E:\WINDOWS\system32\wbvxqsfg.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "E:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
0
Réponse 2 / 6
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonsoir,

du ménage de fait, il en reste encore

Telecharge: Pocket Killbox
http://www.downloads.subratam.org/killBox.exe

puis

* lance hijackthis coche et fixe ces lignes :

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {96548CBB-EE60-48B2-AC16-77AA723D1703} - E:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - E:\WINDOWS\system32\khfcyxv.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - E:\WINDOWS\system32\wbvxqsfg.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -schedul
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "E:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)

1- Double-clic sur KillBox.exe
2- Selectionne "Delete on Reboot"
3 - Dans "Full Path of File to Delete"
copie et colle:

E:\WINDOWS\system32\winsystems16.exe

5- clic sur le rond rouge
6- une fenetre va apparaitre pour confirmation clic sur OUI
7- une seconde fenetre te demande si tu veux redemarrer clic sur OUI

* fait un scan complet avec AVG et poste le rapport stp

ainsi qu' un nouveau rapport Hijackthis
0
Réponse 3 / 6
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention  
 
bonjour ; merci de ton aide voici les 2 rapports :
Logfile of HijackThis v1.99.1
Scan saved at 09:01:16, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\VTTimer.exe
E:\WINDOWS\system32\VTtrayp.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\outils\HidjackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:59:06 27/02/2007

+ Résultat de l'analyse:



E:\Program Files\Everest Poker\CStart.exe -> Adware.Casino : Ignoré.
E:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : Ignoré.
E:\Program Files\Everest Poker\cstart-tmp.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP143\A0032289.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP143\A0032312.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP143\A0032342.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP144\A0032372.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP144\A0032435.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP145\A0032624.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP145\A0032720.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP147\A0032777.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP150\A0032896.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP152\A0035069.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP152\A0036086.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP153\A0036163.exe -> Adware.Casino : Ignoré.
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP154\A0036240.exe -> Adware.Casino : Ignoré.
E:\!KillBox\winsystems16.exe -> Backdoor.SdBot.bdy : Nettoyé et sauvegardé (mise en quarantaine).
E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051341.exe -> Backdoor.SdBot.bdy : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.35:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.11:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.30:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
E:\Documents and Settings\Administrateur\Cookies\administrateur@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.34:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.41:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.42:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.43:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.44:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.27:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.29:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.51:E:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d9q0jhco.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.


Fin du rapport

à +
0
Réponse 4 / 6
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
Bonjour,

relance Hijackthis et vérifie si cette ligne y est encore

O4 - HKLM\..\Run: [WinSystems] E:\WINDOWS\system32\winsystems16.exe
si oui tu la fixes


supprime
c:\!killbox

vide ta corbeille

fait un scan antivirus en ligne et poste le rapport ici ensuite

* Fait un scan antivirus en ligne
https://www.bitdefender.fr/

* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

(sauvegarder le rapport au format TEXTE svp. merci)
et reposte un rapport hijackthis également


0
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention  
 
bonsoir , la ligne en question était encore présente ; le l'ai"fixée" je n'ai par contre pas la possibilité d'accéder à internet et de faire un scan en ligne car le PC était chez mon fils qui utilise une neufbox très haut débit et chez moi j'ai une freebox ADSL ( qui n'a pas le même débit - est ce une raison?)et je ne parviens pas à connecter le serveur. j'ai posé la question sur le forum internet ; la réponse actuelle ne m'aide pas plus.
je dois donc transférer logiciel et rapports d'un PC à l'autre par clé USB.aurais tu une autre procédure?merci
0
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention  
 
j'annule ce que je viens de dire car , ensuivant les bons conseils de mon interlocuteur j'ai découvert que ca marchait bien donc je fais ce scan en ligne et je te le poste ; merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
ensuivant les bons conseils de mon interlocuteur j'ai découvert que ca marchait bien

tu parles de quel interlocuteur ?
moi ?
dit moi l'autre topic où afideg est passé continuer, est-ce pour le même pc ?
0
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention  
 
bonjour il y a bien 2 PC infectés : celui de mon fils , étudiant à Clermont que j'ai rappatrié chez moi pour le désinfecter et pour lequel j'avais des difficultés de connexion à internet et ai donc interpellé le forum "internet" et celui de ma fille chez moi qui était plus légèrement infecté du moins je croyais. j'avais différencié les problèmes pour éviter les confusions apparemment c'est le contraire qui s'est passé. désolée
j'avais posté hier soir les 2 rapports ; je ne les vois pas ici je les reposte donc :
*BitDefender Online Scanner*









*Scan report generated at: Tue, Feb 27, 2007 - 21:01:35*

* *









*Scan path: *C:\;D:\;E:\;F:\;I:\;









* *









*Statistics*

Time



00:54:15

Files



243349

Folders



4633

Boot Sectors



5

Archives



1888

Packed Files



23614









*Results*

Identified Viruses



9

Infected Files



23

Suspect Files



0

Warnings



0

Disinfected



0

Deleted Files



23









*Engines Info*

Virus Definitions



393845

Engine build



AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins



14

Archive plugins



38

Unpack plugins



6

E-mail plugins



6

System plugins



1









*Scan Settings*

First Action



Disinfect

Second Action



Delete

Heuristics



Yes

Enable Warnings



Yes

Scanned Extensions



*;

Exclude Extensions





Scan Emails



Yes

Scan Archives



Yes

Scan Packed



Yes

Scan Files



Yes

Scan Boot



Yes











*Scanned File*



* Status*

E:\Documents and Settings\Administrateur\Local Settings\Temporary
Internet Files\Content.IE5\PH91K3MN\winz[1].exx



Infected with: MemScan:Trojan.Vundo.AD

E:\Documents and Settings\Administrateur\Local Settings\Temporary
Internet Files\Content.IE5\PH91K3MN\winz[1].exx



Disinfection failed

E:\Documents and Settings\Administrateur\Local Settings\Temporary
Internet Files\Content.IE5\PH91K3MN\winz[1].exx



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047129.exe



Infected with: Trojan.Agent.ACL

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047129.exe



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047129.exe



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047130.dll



Infected with: Trojan.Virtumod.EB

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047130.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047130.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047131.dll



Infected with: Trojan.Spy.VBStat.B

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047131.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047131.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047132.dll



Infected with: Trojan.Vundo.AD

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047132.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047132.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047133.dll



Infected with: Trojan.Virtumod.EB

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047133.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047133.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047134.exe



Infected with: Trojan.Agent.ACL

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047134.exe



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047134.exe



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047135.exe



Infected with: Trojan.Agent.ACL

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047135.exe



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047135.exe



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047136.dll



Infected with: Trojan.Vundo.AD

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047136.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047136.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047137.dll



Infected with: Trojan.Vundo.AD

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047137.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047137.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047138.exe



Infected with: Trojan.Agent.ACL

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047138.exe



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047138.exe



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047139.dll



Infected with: Trojan.Virtumod.EB

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047139.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047139.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047140.dll



Infected with: Trojan.Virtumod.EB

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047140.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047140.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047141.dll



Infected with: Trojan.Vundo.AD

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047141.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047141.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047142.dll



Infected with: Trojan.Virtumod.EB

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047142.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047142.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047143.exe



Infected with: Trojan.Agent.ACL

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047143.exe



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0047143.exe



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0048129.dll



Infected with: Trojan.Juan.F

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0048129.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP171\A0048129.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051251.dll



Infected with: MemScan:Trojan.Vundo.AF

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051251.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051251.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051252.dll



Infected with: Trojan.Vundo.AD

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051252.dll



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051252.dll



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051353.exe



Infected with: DeepScan:Generic.Malware.G!SI!!FLWX!!YBdg.8F7FE4FA

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051353.exe



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP172\A0051353.exe



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS
o)=>lzma_nsis0000



Infected with: Trojan.Zlob.JY

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS
o)=>lzma_nsis0000



Disinfection failed

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS
o)=>lzma_nsis0000



Deleted

E:\System Volume
Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS
o)



Update failed

E:\VundoFix Backups\gebca.dll.bad



Infected with: MemScan:Trojan.Vundo.AF

E:\VundoFix Backups\gebca.dll.bad



Disinfection failed

E:\VundoFix Backups\gebca.dll.bad



Deleted

E:\VundoFix Backups\khfcyxv.dll.bad



Infected with: Trojan.Vundo.AD

E:\VundoFix Backups\khfcyxv.dll.bad



Disinfection failed

E:\VundoFix Backups\khfcyxv.dll.bad



Deleted





* *









* *

Logfile of HijackThis v1.99.1
Scan saved at 21:05:09, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\VTTimer.exe
E:\WINDOWS\system32\VTtrayp.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\outils\HidjackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

à+
0
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206 > abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention  
 
Bonjour,

ok, pour les 2 pc, c'était une précision. pas de soucis

pour ce pc, visiblement tout est dans ta restauration système. As tu encore des soucis ? le log HJT a l'air clean maintenant.





0
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention   > philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention  
 
bonsoir,j'ai refait ce soir un scan enligne dont je te poste le rapport ainsi qu'un rapport HJ
pourquoi y a t il à nouveau un virus?j'aimerai bien comprendre et toujours dans le volume restore
merci de m'expliquer


BitDefender Online Scanner







Scan report generated at: Wed, Feb 28, 2007 - 19:36:17









Scan path: C:\;D:\;E:\;F:\;















Statistics

Time


00:47:08

Files


242268

Folders


4616

Boot Sectors


3

Archives


1862

Packed Files


23610







Results

Identified Viruses


1

Infected Files


1

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


1







Engines Info

Virus Definitions


394007

Engine build


AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)=>lzma_nsis0000


Infected with: Trojan.Zlob.JY

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)=>lzma_nsis0000


Disinfection failed

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)=>lzma_nsis0000


Deleted

E:\System Volume Information\_restore{E38889D1-DABD-425F-A042-EB5FB438347F}\RP99\A0024454.exe=>(NSIS o)


Update failed


Logfile of HijackThis v1.99.1
Scan saved at 19:40:27, on 28/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\system32\VTTimer.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\VTtrayp.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\outils\HidjackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
0
Réponse 6 / 6
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
normal on n'a pas désactiver la restauration système

tu vas le faire maintenant
démarrer-----------panneau de configuration------------système----------

onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------

redémarre l'ordinateur
puis ré active la.
0
abrica Messages postés 48 Date d'inscription   Statut Membre Dernière intervention  
 
OK merci
0

Discussions similaires

Voxbone ? qui est-ce ?
fanfan54 -
ntrece13 -

159 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses