Virus problems! Help, please

enteka - 3 Sept. 2007 at 16:39
Hello everyone,

I am newly registered here, although I very often come looking for help in all your threads. I suspected that my PC had a virus, and that is the case. I went through the whole procedure for removing potentially dangerous files, and here are my three reports. I should point out that I am nearly hopeless with computers. So I would appreciate your help, the interpretation of these reports and ABOVE ALL knowing whether my PC is still infected after all these steps. Many thanks for your help.

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 14.34.57 03/09/2007

+ Résultat de l'analyse:



HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\Browser -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\History -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\Presets -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\Registration -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\Resources -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\Stations -> Adware.HiWire : Ignoré.
HKU\S-1-5-21-515967899-492894223-1202660629-1003\Software\Hiwire\MusicMatch\WebUpdate -> Adware.HiWire : Ignoré.


Fin du rapport


Second report

BitDefender Online Scanner

Scan report generated at: Mon, Sep 03, 2007 - 15:47:31
Scan path: A:\;C:\;D:\;

Statistics
Time: 01:01:39
Files: 167121
Folders: 4381
Boot Sectors: 2
Archives: 1748
Packed Files: 11167

Results
Identified Viruses: 1
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 11

Engines Info
Virus Definitions: 760994
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe | Infected with: Trojan.Agent.ABPI
C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe | Disinfection failed
C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe | Deleted
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe | Infected with: Trojan.Agent.ABPI
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe | Disinfection failed
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe | Deleted
C:\Programmi\Picasa2\PicasaMediaDetector.exe | Infected with: Trojan.Agent.ABPI
C:\Programmi\Picasa2\PicasaMediaDetector.exe | Disinfection failed
C:\Programmi\Picasa2\PicasaMediaDetector.exe | Deleted
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP361\A0101387.rbf | Infected with: Trojan.Agent.ABPI
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP361\A0101387.rbf | Disinfection failed
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP361\A0101387.rbf | Deleted
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP364\A0102545.rbf | Infected with: Trojan.Agent.ABPI
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP364\A0102545.rbf | Disinfection failed
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP364\A0102545.rbf | Deleted
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP367\A0103944.EXE | Infected with: Trojan.Agent.ABPI
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP367\A0103944.EXE | Disinfection failed
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP367\A0103944.EXE | Deleted
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP367\A0103961.EXE | Infected with: Trojan.Agent.ABPI
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP367\A0103961.EXE | Disinfection failed
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP367\A0103961.EXE | Deleted
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104135.exe | Infected with: Trojan.Agent.ABPI
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104135.exe | Disinfection failed
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104135.exe | Deleted
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104136.exe | Infected with: Trojan.Agent.ABPI
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104136.exe | Disinfection failed
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104136.exe | Deleted
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104137.exe | Infected with: Trojan.Agent.ABPI
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104137.exe | Disinfection failed
C:\System Volume Information\_restore{BB47E705-FA21-4180-A0DD-B5D095F814EF}\RP368\A0104137.exe | Deleted
C:\WINDOWS\SiSUSBrg.exe | Infected with: Trojan.Agent.ABPI
C:\WINDOWS\SiSUSBrg.exe | Disinfection failed
C:\WINDOWS\SiSUSBrg.exe | Deleted


Third report:

Logfile of HijackThis v1.99.1
Scan saved at 15.56.37, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {982CFBD7-4731-7A1F-8E6E-8ED176F45160} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "DESKTOP"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "DESKTOP"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F88CB17D-1AAD-40E2-95A7-8EE876D47E47}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Configuration: Windows XP
Internet Explorer 6.0