Problème à l'allumage Résolu/Fermé

Question

Anti spy ware : rien à signaler

BitDefender Online Scanner
	

 
	

 

Scan report generated at: Fri, Mar 23, 2007 - 15:02:55

 
	

 
	

 

Scan path: A:\;C:\;D:\;E:\;F:\;
	

 
	

 

 
	

 
	

 

Statistics

Time
	

00:35:18

Files
	

187873

Folders
	

3964

Boot Sectors
	

5

Archives
	

1845

Packed Files
	

18926
	

 
	

 

Results

Identified Viruses
	

5

Infected Files
	

9

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

9
	

 
	

 

Engines Info

Virus Definitions
	

407087

Engine build
	

AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins
	

14

Archive plugins
	

38

Unpack plugins
	

6

E-mail plugins
	

6

System plugins
	

1
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Hijackthis Version Française\backups\backup-20070313-221302-722.dll
	

Infected with: Trojan.BHO.AL

C:\Hijackthis Version Française\backups\backup-20070313-221302-722.dll
	

Disinfection failed

C:\Hijackthis Version Française\backups\backup-20070313-221302-722.dll
	

Deleted

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005363.exe
	

Infected with: DeepScan:Generic.Ranky.54D38905

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005363.exe
	

Disinfection failed

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005363.exe
	

Deleted

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005366.dll
	

Infected with: MemScan:Trojan.Virtumod.IX

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005366.dll
	

Disinfection failed

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005366.dll
	

Deleted

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005367.dll
	

Infected with: MemScan:Trojan.Downloader.NF

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005367.dll
	

Disinfection failed

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005367.dll
	

Deleted

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005380.dll
	

Infected with: Trojan.BHO.AL

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005380.dll
	

Disinfection failed

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP19\A0005380.dll
	

Deleted

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP23\A0007716.dll
	

Infected with: MemScan:Trojan.Spy.Agent.NU

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP23\A0007716.dll
	

Disinfection failed

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP23\A0007716.dll
	

Deleted

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP28\A0011084.dll
	

Infected with: Trojan.BHO.AL

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP28\A0011084.dll
	

Disinfection failed

C:\System Volume Information\_restore{0644C1BB-39E7-4792-83D0-972F428D24F6}\RP28\A0011084.dll
	

Deleted

C:\VundoFix Backups\awtsq.dll.bad
	

Infected with: MemScan:Trojan.Virtumod.IX

C:\VundoFix Backups\awtsq.dll.bad
	

Disinfection failed

C:\VundoFix Backups\awtsq.dll.bad
	

Deleted

C:\VundoFix Backups	uvtqqo.dll.bad
	

Infected with: MemScan:Trojan.Downloader.NF

C:\VundoFix Backups	uvtqqo.dll.bad
	

Disinfection failed

C:\VundoFix Backups	uvtqqo.dll.bad
	

Deleted
	

Logfile of HijackThis v1.99.1
Scan saved at 15:06:24, on 23/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

batisims · Answer

pourquoi personne ne me réponds ?

Lyonnais92 · Answer

Bonjour,

Pourquoi ?

quand tu vas chez le médecin, la première chose que tu fais c'est de lui donner la feuille d'analyse ?

En plus, qui as tu consulté avant nous ? (on a pas un backup de vundofix par hasard).

Et enfin, c'est quoi le problème ?

Bonne suite.

Lyonnais92 · Answer

Re,

supprime C:\VundoFix Backups

La restauration système est infectée. Ouvre ce lien :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

regarde et applique. Une première fois pour désactiver  et une seconde fois pour réactiver.

Sinon, le log Hijackthis est propre, l'antispyware ne trouve rien et l'antivirus ne montre que des choses inoffensives car  dans les backup.

Quel est le problème ?

@+

Problème à l'allumage

3 réponses

Discussions similaires