Hello,
I have two new infections according to the Norton scan...
Can you help me remove them?
After disabling restore in safe mode, running Cleanup, then the Norton scan... I restarted the PC and re-enabled restore, then ran Norton again...
Here is the report:
Etat de l'analyse :
Analyse : 1
Début d'analyse : 11/18/07 09:05:02
Cibles de l'analyse : Processus en cours d'exécution;Points d'entrée
Définitions de virus : 11/17/07
Décompte de l'analyse : 5130
Risques détectés : 4
Risques résolus : 0
Risques non résolus : 4
Durée d'analyse : 1636 sec
Analyse terminée : 11/18/07 09:32:19
Menaces résolues :
Menaces non résolues :
Dialer.CarpeDiem
ID du virus : 4294905994
Risque : Moyen
Catégories : Numéroteur
Etat : Non traité
-----------
Base de registres :
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Montorgueil
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\EC77857721E7DFB88A5881AA4BB23151D82DE208
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Kit de connexion HOT
Ircfast
ID du virus : 4294907118
Risque : Bas
Catégories : Risque de sécurité
Etat : Non traité
-----------
Fichier :
C:\Documents and Settings\V\Favoris\Jeux.url
Base de registres :
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1010\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Microsoft\Internet Explorer\Main->Start Page:
https://www.broadcom.com/support/security-center
WinFixer
ID du virus : 4294906730
Risque : Moyen
Catégories : Risque de sécurité
Etat : Non traité
-----------
Service :
tdird.sys
df_kmd
dfd
df_u42
FOPN
d_kmd
vspf
vspf_hk
vspf5
vspf_hk5
FWsvc
vxd
WSFS
Fichier :
c:\documents and settings\v\local settings\temp\~df1aaa.tmp
c:\documents and settings\v\local settings\temp\~df80af.tmp
c:\documents and settings\v\local settings\temp\~dfb627.tmp
c:\documents and settings\v\local settings\temp\~dfb63b.tmp
c:\documents and settings\v\local settings\temp\~dfcaac.tmp
c:\documents and settings\v\local settings\temp\~dfe405.tmp
c:\documents and settings\v\local settings\temp\~dfe47a.tmp
Base de registres :
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\->1601:1
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\->1601:1
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\->1601:1
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\->1601:1
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\->1601:1
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Internet Explorer\New Windows\->BlockUserInit
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Internet Explorer\New Windows\->BlockUserInit
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Microsoft\Internet Explorer\New Windows\->BlockUserInit
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Internet Explorer\New Windows\->PopupMgr:yes
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Internet Explorer\New Windows\->PopupMgr:yes
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-19\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1010\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-20\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1005\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\WinAntiVirus Pro 2006
HKEY_USERS\.DEFAULT\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\WinAntiVirus Pro 2006
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\SOFTWARE\WinSoftware
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\SOFTWARE\WinSoftware
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\SOFTWARE\WinSoftware
Trackware.SmartShopper
ID du virus : 4294909919
Risque : Bas
Catégories : Logiciel de suivi
Etat : Non traité
-----------
Processus :
C:\Program Files\Internet Explorer\iexplore.exe
Base de registres :
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE15}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE15}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE15}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1008\Software\Microsoft\Internet Explorer\Extensions\CmdMapping->{946B3E9E-E21A-49c8-9F63-900533FAFE15}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1009\Software\ShopperReports
HKEY_USERS\S-1-5-21-1957994488-1715567821-839522115-1004\Software\ShopperReports
and the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:04, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\V\LOCALS~1\Temp\Rar$EX03.516\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://fr.midas.games.yahoo.net/midasa.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (M6music player) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe