Intrusion problem on my PC
bill06 (Member, 15 posts)
clownface (Member, 1490 posts)
Hello,
Yesterday, while I was away, some trojans got installed on my PC.
I tried to fix a few problems, but now I can't see what I need to do.
Thanks in advance for your kind help.
Here is the HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:02, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
f:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
f:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {100604FB-7095-4F38-9F91-6453EEE471AC} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - (no file)
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\xmidyrfj\orxrfdyi.dll (file missing)
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: {bf17809a-a71b-23db-7ee4-85ad3f69dfd4} - {4dfd96f3-da58-4ee7-bd32-b17aa90871fb} - C:\WINDOWS\system32\pshcebky.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {B5FADA3F-66FF-6356-DC5F-39E6048103E7} - C:\WINDOWS\system32\wavf.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - f:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwus.dll,startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bwdazqha] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bwdazqha.dll"
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: .protected
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Télécharger avec NetTransport - F:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Analyser avec LeechGet - file://F:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - F:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://F:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://F:\Program Files\LeechGet 2006\\AddUrl.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A33215-AE1A-4329-B315-A8B39A591349}: NameServer = 194.117.200.10,194.117.200.15
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c007EC59.dat
O20 - Winlogon Notify: ggkfsxrw - ggkfsxrw.dll (file missing)
O20 - Winlogon Notify: gos1A9 - gos1A9.tmp (file missing)
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - f:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21 replies
Good evening,
Download SmitFraudFix: http://www.commentcamarche.net/telecharger/telecharger 230 smitfraudfix
Tutorial: https://www.zebulon.fr/dossiers/tutoriaux/66-smitfraudfix.html
Run option 1 and post the report.
Here is the SmitFraudFix report.
SmitFraudFix v2.253
Report made at 6:46:25,92, 19/11/2007
Run from C:\Documents and Settings\Test\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
f:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Eset\nod32kui.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Test
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Test\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Test\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\__c007EC59.dat"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) - Packet Scheduler Miniport
DNS Server Search Order: 194.117.200.10
DNS Server Search Order: 194.117.200.15
»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check
»»»»»»»»»»»»»»»»»»»»»»»» End
Hello,
Here is the report with option 2.
SmitFraudFix v2.253
Report made at 16:05:05,00, 19/11/2007
Run from C:\Documents and Settings\Test\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry cleanup
Cleanup finished.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Good evening,
OK,
Tick these lines in HijackThis:
O2 - BHO: (no name) - {100604FB-7095-4F38-9F91-6453EEE471AC} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - (no file)
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\xmidyrfj\orxrfdyi.dll (file missing)
O2 - BHO: {bf17809a-a71b-23db-7ee4-85ad3f69dfd4} - {4dfd96f3-da58-4ee7-bd32-b17aa90871fb} - C:\WINDOWS\system32\pshcebky.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - Global Startup: .protected
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: ggkfsxrw - ggkfsxrw.dll (file missing)
O20 - Winlogon Notify: gos1A9 - gos1A9.tmp (file missing)
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
Click "Fix checked".
Run an AVG Anti-Spyware scan and an AntiVir scan in safe mode: https://www.malekal.com/avira-free-security-antivirus-gratuit/ (paragraph "scan your computer")
and post the reports.
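Editor's note, added example (not part of the thread and not HijackThis code): the reply above picks out the entries to tick by eye. The Python script below applies the same checks to a HijackThis 2.x log automatically, using a constructed excerpt of the log posted in the first message as its sample input. Besides the orphaned O2/O3/O20 entries, the .protected startup item and the DisableRegedit policy that the reply lists, it also raises the F2 Shell= change, the AppInit_DLLs .dat file, the Run values that go through rundll32/regsvr32, and the HKCU Run value launching spoolvs.exe, whose name is one transposition away from the Windows spooler spoolsv.exe. The allowlists, the "fix" versus "review" severity labels and the one-typo lookalike threshold are this example's own assumptions, not HijackThis conventions.

```python
"""Heuristic triage of a HijackThis 2.x log (added example; not code from the
thread or from HijackThis).  "fix" marks an entry a helper would tick in
HijackThis, "review" an entry whose file should be scanned first.  The
allowlists and thresholds below are assumptions made for this example."""
import re
from dataclasses import dataclass

# Core Windows XP process names for the lookalike check (assumption).
KNOWN_SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                      "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"}
BENIGN_SYSTEM32_AUTOSTART = {"ctfmon.exe"}  # system32 images that legitimately autostart (assumption)
DLL_LAUNCHERS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}

# Constructed excerpt of the log posted in the first message (sample input).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {100604FB-7095-4F38-9F91-6453EEE471AC} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - (no file)
O2 - BHO: (no name) - {B5FADA3F-66FF-6356-DC5F-39E6048103E7} - C:\WINDOWS\system32\wavf.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwus.dll,startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bwdazqha] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bwdazqha.dll"
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: .protected
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c007EC59.dat
O20 - Winlogon Notify: ggkfsxrw - ggkfsxrw.dll (file missing)
"""

@dataclass
class Finding:
    severity: str  # "fix" or "review"
    line: str
    reason: str

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent transposition as one edit."""
    a, b = a.lower(), b.lower()
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def lookalike_of(basename: str):
    """Windows process name that basename is one typo away from, else None."""
    if basename in KNOWN_SYSTEM_NAMES:
        return None
    return next((k for k in KNOWN_SYSTEM_NAMES if osa_distance(basename, k) == 1), None)

def run_image(command: str):
    """Path and lower-cased basename of the program a Run value launches."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    path = m.group(1) or m.group(2)
    return path, path.rsplit("\\", 1)[-1].lower()

def classify(line: str):
    """One HijackThis line -> Finding, or None when nothing stands out."""
    if line.startswith(("O2 -", "O3 -", "O20 -")) and re.search(r"\((file missing|no file)\)$", line):
        return Finding("fix", line, "orphaned hook: the registered file is gone")
    if line.startswith("O2 -") and "(no name)" in line:
        return Finding("review", line, "unnamed BHO whose DLL is present: scan it")
    if (m := re.match(r"F2 - REG:system\.ini: Shell=(.*)", line)) and m.group(1).strip().lower() != "explorer.exe":
        return Finding("fix", line, "Shell= is no longer plain Explorer.exe")
    if m := re.match(r"O4 - HK[^:]*: \[[^\]]*\] (.*)", line):
        path, base = run_image(m.group(1))
        if base in DLL_LAUNCHERS:
            return Finding("review", line, f"Run value loads a DLL through {base}")
        if mimicked := lookalike_of(base):
            return Finding("fix", line, f"image name mimics {mimicked}")
        if re.search(r"\\system32\\[^\\]+$", path, re.I) and base not in BENIGN_SYSTEM32_AUTOSTART:
            return Finding("review", line, "unfamiliar system32 image autostarted from a Run key")
        return None
    if (m := re.match(r"O4 - Global Startup: (.*)", line)) and m.group(1).startswith("."):
        return Finding("fix", line, "Global Startup item with no real name")
    if line.startswith("O7 -") and "DisableRegedit=1" in line:
        return Finding("fix", line, "registry editor disabled by policy")
    if m := re.match(r"O20 - AppInit_DLLs: (.*)", line):
        sev = "review" if m.group(1).lower().endswith(".dll") else "fix"
        return Finding(sev, line, "AppInit_DLLs is injected into every GUI process")
    return None

def triage(log_text: str):
    """Findings for every line of a HijackThis log, in log order."""
    return [f for f in map(classify, (l.strip() for l in log_text.splitlines())) if f]

def lines_to_fix(findings):
    """The entries a helper would tick before clicking 'Fix checked'."""
    return [f.line for f in findings if f.severity == "fix"]
```

On the sample above it returns 13 findings, 9 of them "fix" and 4 "review" (the wavf.dll BHO, the two rundll32/regsvr32 Run values and printer.exe). A full log is handled the same way with triage(open("hijackthis.log").read()). The "review" items are deliberately not auto-ticked: a log line alone cannot tell a legitimate rundll32 autostart from a malicious one, so the file behind each one should go through the AVG Anti-Spyware and AntiVir scans the reply asks for before it is removed.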
---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------
+ Created at: 22:44:06 19/11/2007
+ Scan result:
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Ignored.
C:\WINDOWS\system32\mcrupdate.exe -> Downloader.Agent.bfj : Ignored.
C:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP56\A0015139.exe -> Downloader.Alphabet : Ignored.
C:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP56\A0016040.exe -> Downloader.Alphabet : Ignored.
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.eg : Ignored.
F:\WINDOWS\SYSTEM32\MACROMED\Download\Install.exe -> Dropper.Small : Ignored.
:mozilla.28:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.92:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.76:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.77:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.78:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.79:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Test\Cookies\test@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Test\Cookies\test@adviva[2].txt -> TrackingCookie.Adviva : Ignored.
:mozilla.13:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Bluestreak : Ignored.
:mozilla.75:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Test\Cookies\test@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.14:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Estat : Ignored.
:mozilla.29:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored.
:mozilla.11:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.15:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.16:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.17:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
C:\Documents and Settings\Test\Cookies\test@smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.62:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.
:mozilla.63:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.
:mozilla.64:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.
:mozilla.65:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.
C:\Documents and Settings\Test\Cookies\test@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored.
:mozilla.37:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
:mozilla.38:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
:mozilla.39:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\j7dzsx5s.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
C:\Documents and Settings\Test\Cookies\test@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Test\Cookies\test@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP54\A0014821.exe -> Trojan.Small : Ignored.
C:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP57\A0016128.exe -> Trojan.Small : Ignored.
F:\Program Files\WinRAR\crack.exe -> Trojan.Small : Ignored.
C:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP56\A0015951.exe -> Worm.Small.n : Ignored.
End of report
AntiVir PersonalEdition Classic
Report file date: lundi 19 novembre 2007 22:47
Scanning for 935125 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: MAISON
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 18:29:25
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 18:29:25
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 18:29:25
ANTIVIR3.VDF : 7.0.0.234 133632 Bytes 19/11/2007 18:22:12
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 18/11/2007 18:29:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 19 novembre 2007 22:47
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
16 processes with 16 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '22' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\bwdazqha.VIR
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Test\Local Settings\Temporary Internet Files\Content.IE5\26SEQLIY\2[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Agent.E.1
[INFO] The file was deleted!
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EG.8
[INFO] The file was deleted!
C:\WINDOWS\shell.VIR
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was deleted!
C:\WINDOWS\system32\bxwgqywq.VIR
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] A backup was created as '47b9095b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\drvpac.VIR
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] A backup was created as '47b80961.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\drvwus.VIR
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] A backup was created as '46d583fa.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\jkhff.VIR
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] A backup was created as '47aa0965.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\mcrupdate.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bfj.7
[INFO] A backup was created as '47b40961.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\winzdn32.VIR
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] A backup was created as '47b0098e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\'
F:\Musique\Tété -Live @ Zénith\RadLightMPC (A installer pour lire le format MPC).exe
[DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
[INFO] A backup was created as '47a60d12.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\Program Files\AutoPlay Media Studio 6.0\ArmAccess.dll
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.27 Backdoor server programs
[INFO] A backup was created as '47af0d51.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\Program Files\game boy\Atari-Advanced.zip
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[INFO] A backup was created as '47a310f7.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\Program Files\game boy\Carrera-Power Slide-Indy Racing.zip
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[INFO] A backup was created as '47b410ef.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\Program Files\game boy\Shrek Hassle at the Castle.zip
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[INFO] A backup was created as '47b4116b.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\Program Files\game boy\SPIRIT.zip
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[INFO] A backup was created as '478b115b.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\Program Files\game boy\Titeuf.zip
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[INFO] A backup was created as '47b61198.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\Program Files\WinRAR\crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] A backup was created as '47a3132a.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP59\A0017288.exe
[DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
[INFO] A backup was created as '47721360.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP59\A0017289.dll
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.27 Backdoor server programs
[INFO] A backup was created as '461c8341.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\System Volume Information\_restore{C68ABAD7-B16C-4592-B7EE-7B4126E1A45A}\RP59\A0017290.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] A backup was created as '47721361.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\temp\aio_ip_tools up by bill06.exe
[0] Archive type: ZIP SFX (self extracting)
--> AutoPlay/Docs/GA.exe
[1] Archive type: RAR SFX (self extracting)
--> GAPro.exe
[DETECTION] Is the Trojan horse TR/Swizzor.BJ
--> AutoPlay/Docs/ipt.exe
[1] Archive type: RAR SFX (self extracting)
--> iPrivacyTools.exe
[DETECTION] Contains detection pattern of the dropper DR/MyTool.C.1
--> AutoPlay/Docs/smart.exe
[1] Archive type: RAR SFX (self extracting)
--> SPHsetup.exe
[DETECTION] Contains detection pattern of the dropper DR/PSW.OnLineGames.aby
--> AutoPlay/Docs/steganos.exe
[1] Archive type: RAR SFX (self extracting)
--> keygen.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.aas.8 Backdoor server programs
[INFO] A backup was created as '47b1143a.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\temp\IncrediMailSetup.rar
[0] Archive type: RAR
--> Patch\Patch.exe
[DETECTION] Is the Trojan horse TR/Gendal.10420
[INFO] A backup was created as '47a51482.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\temp\Rapidshare.2007.Premium.Pack.rar
[0] Archive type: RAR
--> Speed Gear 5.0\sgsetup.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.1212829 Backdoor server programs
--> RapGet 1.2.6\rapget.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.1212829 Backdoor server programs
--> Rapidshare Unlimited 2.0\Rapidshare Unlimited 2.0 Setup.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.1212829 Backdoor server programs
[INFO] A backup was created as '47b214fd.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\temp\Autoplay.Media.Studio.v6.0.5.0.with.Bonus.Pack\4. Crack Autoplay.Media.Studio.Retail.v.6.0.5.0\ArmAccess.dll
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.27 Backdoor server programs
[INFO] A backup was created as '47af1568.qua' ( QUARANTINE )
[INFO] The file was deleted!
F:\temp\Luxor3 v1.0\THETA.nfo.exe
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[INFO] A backup was created as '47871565.qua' ( QUARANTINE )
[INFO] The file was deleted!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: mardi 20 novembre 2007 00:01
Used time: 1:13:59 min
The scan has been done completely.
6883 Scanning directories
253294 Files were scanned
31 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
26 files were deleted
0 files were repaired
22 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
253263 Files not concerned
3583 Archives were scanned
2 Warnings
3 Notes
Good evening,
let's run AVG again, properly. This time it didn't delete anything.
tutorial: https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/#mozTocId190431
post the report
+ a new HijackThis
Good evening,
I'm not convinced it's over; please post a new HijackThis.
Hi Clownface,
For information: http://www.commentcamarche.net/forum/affich 4158621 dispartrition du menu executer#0
It's really hard to get across that disinfection isn't necessarily finished just because everything seems to be running again.
Regards
Well, actually I thought it was all over because everything was working more or less normally, and I now realise that's no longer the case.
And here is the HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:21, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
f:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Pando Networks\Pando\pando.exe
F:\Program Files\SlimBrowser\sbrowser.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - F:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5FADA3F-66FF-6356-DC5F-39E6048103E7} - C:\WINDOWS\system32\wavf.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - F:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = F:\Program Files\troud'balweb\tribalweb.exe
O8 - Extra context menu item: Analyser avec LeechGet - file://F:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://F:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://F:\Program Files\LeechGet 2006\\AddUrl.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A33215-AE1A-4329-B315-A8B39A591349}: NameServer = 194.117.200.10,194.117.200.15
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c007EC59.dat
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - f:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
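A quick way to triage a HijackThis log like the one above, as an added example in Python that is not part of this thread or of HijackThis itself: it parses the O2/O4/O20/O23 lines and flags the entry types that carry persistence in this log, the unnamed BHO (wavf.dll), the AppInit_DLLs entry pointing at a .dat file, and the service whose binary is missing. The O4 HKCU line for mcrupdate.exe is constructed to exercise the user-profile check and is not in the posted log; the heuristics and their severity labels are the editor's assumptions, not HijackThis's own logic.

```python
"""Triage of a HijackThis v2 log.

Added example (not from the forum thread or from Trend Micro): the heuristics below
are a starting point for reading a log like the one above, not HijackThis's own logic.
"""
import re

# Constructed sample: lines copied from the HijackThis log above, plus one
# hypothetical HKCU Run entry (not in the log) to exercise the user-profile check.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B5FADA3F-66FF-6356-DC5F-39E6048103E7} - C:\WINDOWS\system32\wavf.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Test\Application Data\mcrupdate.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c007EC59.dat
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# Directories an ordinary user can write to; autostarts from here deserve a look.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


def _last_field(body):
    """Path in the last ' - ' field of an O2/O23 line, '(file missing)' stripped."""
    return body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()


def _run_target(body):
    """Executable named by an O4 line, without quotes or trailing arguments."""
    after = body.split("]", 1)[-1].strip() if "]" in body else body.split("=", 1)[-1].strip()
    if after.startswith('"'):
        return after[1:].split('"', 1)[0]
    return after.split(" /", 1)[0].split(" -", 1)[0]


def triage(log_text):
    """Return (kind, reason, target) for every entry that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                       # header, process list, blank line
        kind, body = m["kind"], m["body"]
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is mapped into every process that loads user32.dll, so any
            # entry is worth reviewing; one that is not even a .dll is a strong sign
            # of malware hiding behind a harmless-looking extension.
            target = body.split(":", 1)[1].strip()
            level = "review" if target.lower().endswith(".dll") else "high"
            findings.append((kind, f"AppInit_DLLs entry ({level})", target))
        elif kind == "O2" and body.startswith("BHO: (no name)"):
            # Legitimate browser helper objects almost always register a display name.
            findings.append((kind, "BHO without a name", _last_field(body)))
        elif kind == "O23" and body.endswith("(file missing)"):
            # Service registration whose binary is gone: leftover of a removal.
            findings.append((kind, "service binary missing", _last_field(body)))
        elif kind == "O4":
            target = _run_target(body)
            if any(tok in target.lower() for tok in USER_WRITABLE):
                findings.append((kind, "autostart from user profile", target))
    return findings


if __name__ == "__main__":
    for kind, reason, target in triage(SAMPLE_LOG):
        print(f"{kind:<4} {reason:<30} {target}")
```

Run against the full log, this prints the four items a helper would ask about first; everything else in the log (Avira, AVG Anti-Spyware, Copernic, LeechGet, Java, Windows Live) resolves to a known vendor path and can be left alone.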
Good evening,
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in Safe Mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd
Press Y to start the cleaning.
It will remove the infected services and registry entries, then ask you to press a key to reboot.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool keeps running and deletes files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, post the contents of Report.txt in your next reply
SDFix: Version 1.116
Run by Test on 29/11/2007 at 15:35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Test\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\E404 Helper\e404.v5.dll - Deleted
Folder C:\Program Files\E404 Helper - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 15:42:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="f:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:4a,b7,02,07,55,32,78,b0,c9,c8,6f,7f,86,97,a2,dc,10,86,bb,30,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="f:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:4a,b7,02,07,55,32,78,b0,c9,c8,6f,7f,86,97,a2,dc,10,86,bb,30,44,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="F:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\\Program Files\\Gizmo Project\\Gizmo.exe"="F:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Enabled:Gizmo Project"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\Miranda-IM\\miranda32.exe"="F:\\Program Files\\Miranda-IM\\miranda32.exe:*:Enabled:Miranda IM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Test\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\Test\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Test\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Test\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Test\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Test\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Test\\Application Data\\trant.exe"="C:\\Documents and Settings\\Test\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Test\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 1 Nov 2007 230,400 ..SHR --- "C:\Program Files\??mbols\s?rvices.exe"
Sun 30 Sep 2007 88 ..SHR --- "C:\WINDOWS\system32\443861A727.sys"
Sun 18 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\system32\ggkfsxrw.dllbox"
Wed 28 Nov 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 17 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 28 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 28 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\895429730abf1e933cbabe1c3fad3173\BIT3.tmp"
Finished!
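The domainprofile AuthorizedApplications section of this SDFix report is its most telling part: every malware binary (xloader10181.exe, printer.exe, spoolvs.exe, shell.exe, the Startup-folder and Application Data executables) registered its own Windows Firewall exception using the display-name resource "@xpsp2res.dll,-22019" that belongs to the built-in sessmgr.exe entry, and spoolvs.exe is a look-alike of the legitimate spoolsv.exe. The Python below is an added example (not from the thread or from SDFix) that parses such an export and flags those patterns, and shows how to expose a homoglyph file name such as the hidden "??mbols\s?rvices.exe" entry. The sample export is constructed from the report's own values; the Cyrillic-letter path is invented because the forum lost the original characters; the user-writable directory list, the edit-distance threshold and the known-binary set are the editor's assumptions.

```python
"""Reading the Windows Firewall exception list and hidden-file list in an SDFix
report.

Added example (not from the forum thread or from SDFix): on XP SP2, malware routinely
authorised itself in the firewall's AuthorizedApplications key; the checks below are
the ones a responder would apply to the export above.
"""
import re
import unicodedata

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>.+)"$')
# Display-name resource the built-in Remote Assistance exception (sessmgr.exe) uses.
# In the report above, every malware entry borrowed it.
SYSTEM_RESOURCE_NAME = "@xpsp2res.dll,-22019"
# Assumed list of directories an ordinary user can write to (French XP "Démarrage"
# Startup folder included).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\démarrage\\", "\\startup\\", "\\temp\\")
KNOWN_SYSTEM_BINARIES = {"svchost.exe", "spoolsv.exe", "services.exe", "lsass.exe",
                         "csrss.exe", "winlogon.exe", "explorer.exe", "smss.exe"}

# Constructed sample in the format of the "Authorized Application Key Export" above
# (values taken from the report).
FIREWALL_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Test\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Test\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
'''

# Invented stand-in for the hidden "C:\Program Files\??mbols\s?rvices.exe" in the report,
# whose non-Latin characters the forum lost: Cyrillic u (U+0443) and ie (U+0435).
HOMOGLYPH_PATH = "C:\\Program Files\\S\u0443mbols\\s\u0435rvices.exe"


def edit_distance(a, b):
    """Levenshtein distance; enough to catch one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_exceptions(export_text):
    """Yield (path, scope, mode, name) for each value in a .reg-style export."""
    for raw in export_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                        # key header or blank line
        path, scope, mode, name = m["val"].rsplit(":", 3)
        yield path.replace("\\\\", "\\"), scope, mode, name


def suspicious_exceptions(export_text):
    """Return (path, [reasons]) for exceptions that match a malware pattern."""
    findings = []
    for path, _scope, _mode, name in parse_exceptions(export_text):
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if name == SYSTEM_RESOURCE_NAME and not low.endswith("\\system32\\sessmgr.exe"):
            reasons.append("borrows the Remote Assistance display name")
        if any(tok in low for tok in USER_WRITABLE):
            reasons.append("binary lives in a user-writable directory")
        for known in sorted(KNOWN_SYSTEM_BINARIES):
            if base != known and edit_distance(base, known) <= 2:
                reasons.append(f"name looks like {known}")
        if reasons:
            findings.append((path, reasons))
    return findings


def non_ascii_chars(path):
    """Non-ASCII characters in a path with their Unicode names: a services.exe
    spelled with Cyrillic letters is a different file from the real one."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in path if ord(ch) > 127]


if __name__ == "__main__":
    for path, reasons in suspicious_exceptions(FIREWALL_EXPORT):
        print(path, "->", "; ".join(reasons))
    print(HOMOGLYPH_PATH, "->", non_ascii_chars(HOMOGLYPH_PATH))
```

Note that SDFix only exports this key; it does not remove the entries, which is why they appear under "Remaining Services" after the cleanup. Each flagged exception should be deleted from the registry along with its binary, otherwise a re-dropped copy of the malware starts with an open firewall.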
Good evening,
run an online scan with BitDefender: https://www.bitdefender.com/toolbox/
post the report
BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Nov 30, 2007 - 22:39:34
Scan Info
Scanned Files 347306
Infected Files 1
Virus Detected
Trojan.Generic.79013 1
This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.