Bonjour,et encore d'avance un grand merci pour le sérieux de votre site etde son tutoriel ,alors suite à un virus sur messenger voilà mes 3 rapports,sinon je suis sur pc 2.6ghz avec win xp pro sp2 avast pro et zone alarm + spybot ,voici les rapports:
1 avg anti spyware:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 00:43:08 13/10/2007
+ Résultat de l'analyse:
C:\Documents and Settings\alex\Bureau\Everest Poker.exe -> Adware.Casino : Aucune action entreprise.
C:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : Aucune action entreprise.
C:\Program Files\Everest Poker\cstart-tmp.exe -> Adware.Casino : Aucune action entreprise.
C:\System Volume Information\_restore{C2EC0B6B-BC9D-4FB7-913B-C0F9A6B493EB}\RP533\A0080809.exe -> Adware.Casino : Aucune action entreprise.
C:\System Volume Information\_restore{C2EC0B6B-BC9D-4FB7-913B-C0F9A6B493EB}\RP533\A0080819.old -> Adware.Casino : Aucune action entreprise.
C:\Documents and Settings\alex\Application Data\Registry Cleaner -> Adware.RogueSuspect : Aucune action entreprise.
C:\Documents and Settings\alex\Application Data\Registry Cleaner\RegClean.ini -> Adware.RogueSuspect : Aucune action entreprise.
C:\Program Files\Registry Cleaner Trial -> Adware.RogueSuspect : Aucune action entreprise.
C:\Program Files\Registry Cleaner Trial\soref.dll -> Adware.RogueSuspect : Aucune action entreprise.
C:\Program Files\Registry Cleaner Trial\soref_v1.dll -> Adware.RogueSuspect : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.18:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
Fin du rapport
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 00:49:59 13/10/2007
+ Résultat de l'analyse:
C:\Documents and Settings\alex\Bureau\Everest Poker.exe -> Adware.Casino : Ignoré.
C:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : Ignoré.
C:\Program Files\Everest Poker\cstart-tmp.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{C2EC0B6B-BC9D-4FB7-913B-C0F9A6B493EB}\RP533\A0080809.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{C2EC0B6B-BC9D-4FB7-913B-C0F9A6B493EB}\RP533\A0080819.old -> Adware.Casino : Ignoré.
C:\Documents and Settings\alex\Application Data\Registry Cleaner -> Adware.RogueSuspect : Ignoré.
C:\Documents and Settings\alex\Application Data\Registry Cleaner\RegClean.ini -> Adware.RogueSuspect : Ignoré.
C:\Program Files\Registry Cleaner Trial -> Adware.RogueSuspect : Ignoré.
C:\Program Files\Registry Cleaner Trial\soref.dll -> Adware.RogueSuspect : Ignoré.
C:\Program Files\Registry Cleaner Trial\soref_v1.dll -> Adware.RogueSuspect : Ignoré.
:mozilla.24:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.18:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.19:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.20:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.16:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.17:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\4srwazb3.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport
2 bitdefender
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 12/10/2007 19:41:56
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\WINDOWS
C:\Program Files
Folders : 4716
Files : 111042
Memory processes scanned : 0
Archives : 1
Runtime packers : 9609
Identified viruses : 3
Infected files : 3
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 3
I/O errors : 2
Scan time : 00:24:50
Scan speed (files/sec) : 74
Virus definitions : 899790
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[ ] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[X] Programs
[ ] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\DOCUME~1\alex\LOCALS~1\Temp\1192210916.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[ ] Registry keys
[ ] Cookies
Summary:
C:\WINDOWS\LBTWiz.exe Infected: Backdoor.Sdbot.DEXW
C:\WINDOWS\LBTWiz.exe Disinfection failed
C:\WINDOWS\LBTWiz.exe Moved
C:\Program Files\Fichiers communs\ErrorSafe\PCheck.dll Detected: Spyware.Winfixer.M
C:\Program Files\Fichiers communs\ErrorSafe\PCheck.dll Disinfection failed
C:\Program Files\Fichiers communs\ErrorSafe\PCheck.dll Moved
C:\Program Files\MSN Messenger\riched20.dll Detected: Adware.MyWebSearch.AV
C:\Program Files\MSN Messenger\riched20.dll Disinfection failed
C:\Program Files\MSN Messenger\riched20.dll Moved
3 rapport highjack
Logfile of HijackThis v1.99.1
Scan saved at 01:01:15, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Dsp24Set.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\LBTWiz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [DSP24] Dsp24Set.exe /n
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://margouyalexvenise.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6969B9C2-948D-40A6-9816-4A96AAC9D491}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EDA9965-C2A8-4794-8AC0-20CAF2CC0D0D}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
voilà ce monstreux papyrus,en espérant une aide de votre part et quelques conseils pour mieux se protèger en matière de logiciels,je vous remercie bonne soirée.
Afficher la suite