Hello everyone,
I have a problem with the happy888 virus, which from time to time opens Happy888.org pop-up windows.
It is apparently Chinese, since it asks me to install the corresponding fonts.
I don't really know what to do; I have done quite a bit of research but I can't find anything.
I am running Windows XP.
Here is what I have for you.
Thank you for your help.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:50:26, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [only23] C:\WINDOWS\SCVHOST.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - C:\WINDOWS\system\svchest.exe
O23 - Service: Indexing Helper (Indexingboxs) - Unknown owner - c:\temp\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
A VirusTotal scan as well:
STATUS: FINISHED
Complete scanning result of "SCVHOST.EXE", received in VirusTotal at 04.11.2007, 19:54:30 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.11.2007 no virus found
AntiVir 7.3.1.50 04.11.2007 TR/Dldr.Delf.BO.3
Authentium 4.93.8 04.11.2007 no virus found
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.11.2007 Generic3.QOT
BitDefender 7.2 04.11.2007 no virus found
CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.11.2007 no virus found
DrWeb 4.33 04.11.2007 Trojan.DownLoader.19797
eSafe 7.0.15.0 04.10.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3560 04.11.2007 no virus found
Ewido 4.0 04.10.2007 Downloader.Small
FileAdvisor 1 04.11.2007 Low threat detected
Fortinet 2.85.0.0 04.11.2007 W32/Delf.BO!tr.dldr
F-Prot 4.3.1.45 04.11.2007 no virus found
F-Secure 6.70.13030.0 04.11.2007 Trojan-Downloader.Win32.Delf.bo
Ikarus T3.1.1.5 04.11.2007 Trojan-Downloader.Win32.Delf.bo
Kaspersky 4.0.2.24 04.11.2007 Trojan-Downloader.Win32.Delf.bo
McAfee 5006 04.11.2007 no virus found
Microsoft 1.2405 04.11.2007 no virus found
NOD32v2 2181 04.11.2007 no virus found
Norman 5.80.02 04.11.2007 W32/Malware.LZU
Panda 9.0.0.4 04.11.2007 Adware/DriveCleaner
Prevx1 V2 04.11.2007 Malware:Gaobot.B
Sophos 4.16.0 04.06.2007 Mal/Packer
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.11.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.10.2007 Trojan.DownLoader.19797
VirusBuster 4.3.7:9 04.11.2007 Trojan.DL.Delf.WIA
Webwasher-Gateway 6.0.1 04.11.2007 Trojan.Dldr.Delf.BO.3
Aditional Information
File size: 40448 bytes
MD5: 793af18e1628c45b017f0f137c4584bd
SHA1: 229f6f940c20ad6377fb0e372c26576ced80c9da
Bit9 info: http://fileadvisor.bit9.com/
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=87aa82879302
12 April 2007 at 08:44