Blue wallpaper
Nikus
-
anthony5151 Posts 10927 Status Security contributor -
Hello,
Since last night, I have had a problem with my computer.
My usual wallpaper has been replaced by a blue wallpaper that reads "Warning! Spyware detecte on your computer! Install an antivirus or spyware Remove to clean your computer."
Here are the various scan reports I obtained:
CClean:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Aurigma.ShellCombo.4]
[HKEY_CLASSES_ROOT\Aurigma.ShellCombo.4\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.ShellCombo.4\CurVer]
[HKEY_CLASSES_ROOT\Aurigma.ShellCombo.4.1]
[HKEY_CLASSES_ROOT\Aurigma.ShellCombo.4.1\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.Thumbnail.4]
[HKEY_CLASSES_ROOT\Aurigma.Thumbnail.4\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.Thumbnail.4\CurVer]
[HKEY_CLASSES_ROOT\Aurigma.Thumbnail.4.1]
[HKEY_CLASSES_ROOT\Aurigma.Thumbnail.4.1\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.UploadItem.4]
[HKEY_CLASSES_ROOT\Aurigma.UploadItem.4\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.UploadItem.4\CurVer]
[HKEY_CLASSES_ROOT\Aurigma.UploadItem.4.1]
[HKEY_CLASSES_ROOT\Aurigma.UploadItem.4.1\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.UploadItems.4]
[HKEY_CLASSES_ROOT\Aurigma.UploadItems.4\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.UploadItems.4\CurVer]
[HKEY_CLASSES_ROOT\Aurigma.UploadItems.4.1]
[HKEY_CLASSES_ROOT\Aurigma.UploadItems.4.1\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.UploadPane.4]
[HKEY_CLASSES_ROOT\Aurigma.UploadPane.4\CLSID]
[HKEY_CLASSES_ROOT\Aurigma.UploadPane.4\CurVer]
[HKEY_CLASSES_ROOT\Aurigma.UploadPane.4.1]
[HKEY_CLASSES_ROOT\Aurigma.UploadPane.4.1\CLSID]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl\CLSID]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl\CurVer]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1\CLSID]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1\Insertable]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtlSecondary]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtlSecondary\CLSID]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtlSecondary\CurVer]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtlSecondary.1]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtlSecondary.1\CLSID]
[HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtlSecondary.1\Insertable]
[HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid]
[HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid]
[HKEY_CLASSES_ROOT\Applications\MyHeritage.exe]
[HKEY_CLASSES_ROOT\Applications\MyHeritage.exe\shell]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Dynamic Toolbar_is1]
"Changed"=dword:00000000
BitDefender :
BitDefender Online Scanner
Scan report generated at: Sun, Jul 20, 2008 - 13:17:33
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;
Statistics
Time
00:56:24
Files
263400
Folders
5724
Boot Sectors
3
Archives
39148
Packed Files
8915
Results
Identified Viruses
6
Infected Files
6
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
4
Engines Info
Virus Definitions
1382184
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
43
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\Murielle\ie_updates3r.exe
Infected with: Trojan.Downloader.Tipikit.F
C:\Documents and Settings\Murielle\ie_updates3r.exe
Disinfection failed
C:\Documents and Settings\Murielle\ie_updates3r.exe
Delete failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0056168.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.XpAntivirus.AJ
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0056168.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0056168.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0056168.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0057106.exe
Detected with: Application.Generic.9939
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0057106.exe
Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0057106.exe
Deleted
C:\WINDOWS\system32\ctfmonb.bmp
Infected with: Trojan.FakeAlert.SN
C:\WINDOWS\system32\ctfmonb.bmp
Deleted
C:\WINDOWS\system32\lphc10dj0ejbt.exe
Infected with: Trojan.FakeAlert.UT
C:\WINDOWS\system32\lphc10dj0ejbt.exe
Disinfection failed
C:\WINDOWS\system32\lphc10dj0ejbt.exe
Delete failed
C:\WINDOWS\system32\phc10dj0ejbt.bmp
Infected with: Trojan.FakeAlert.UM
C:\WINDOWS\system32\phc10dj0ejbt.bmp
Deleted
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06, on 2008-07-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Documents and Settings\Murielle\ie_updates3r.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\lphc10dj0ejbt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lphc10dj0ejbt] C:\WINDOWS\system32\lphc10dj0ejbt.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [herjek] C:\WINDOWS\herjek.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [herjek] C:\WINDOWS\herjek.exe (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://as1.emv2.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Murielle\ie_updates3r.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
4 replies
OK, try Spybot Search and Destroy and AVG Anti-Spyware. Run the scans in safe mode, preferably. Then try Ad-Aware. If the problem persists, try SmitFraudFix.
As for the suspects, you probably went in without protection. As a result, spyware and viruses got in. Solution: either you buy a good antivirus + Spybot (on 01telecharger.com) + AVG Anti-Spyware (free), or you reformat your computer with the infected hard drive (it is advisable to move important files such as "holiday photos" to another hard drive or onto a USB stick).
Hello everyone
@ lol:
Why format??? Nonsense...
@ Nikus:
You have a trojan (Trojan horse) that has installed fake protection software on your computer (Antivirus XP 2008, for example). To disinfect, please use a specialized program like this one:
Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
- Save it to the desktop
- Double-click SmitfraudFix.exe, choose option 1, then press Enter
- A report will be generated; post it in your next reply, please.
Tutorial here to help you: http://www.malekal.com//tutorial_SmitFraudfix.php