Hello, I picked up a friend's hard drive because it had a system bug. After fixing that problem I ran an antivirus scan. It turns out the disk is infected with various trojan viruses. Could you give me a hand, please?
Here is a HijackThis scan of his hard drive.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\qfioxira.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\SpecialOffers.exe
C:\DOCUME~1\Pierre\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C0C0E63-62EB-40D9-AAD1-6DF86D0E9B42} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {660F4CE9-8F5B-4448-A06A-91E8A406B0F3} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {67932DD9-E43A-4924-BE91-A8C216523096} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {7D720571-96DC-4BFD-8A44-B071FAD080A1} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {80167A3E-8F21-4A5E-8A58-5D1CC75CF437} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {97F071D8-DBB6-48D2-8EA8-D794E3FA32A5} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: (no name) - {AF8C9219-B80F-4560-B97F-1E45E4722B00} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {BD36B744-2B80-4F78-B073-72D0CE6BF62E} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {E00EA0FA-83E4-46C7-967C-95E89C533A96} - C:\Program Files\CSBB\CSBB.dll
O2 - BHO: (no name) - {E4AA2416-0824-4540-BC10-89600569F64C} - C:\Program Files\CSBB\CSBB.dll
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [Microsoft IT Update] SVCHSST.exe
O4 - HKLM\..\Run: [mswkork Service] msework.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\Run: [Microsoft Update Client] videon_32.exe
O4 - HKLM\..\Run: [MS Autoloader 32] MSAuto32.exe
O4 - HKLM\..\Run: [regsrv] scvhost.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [rinbhdjnsjoyk] C:\WINDOWS\System32\qfioxira.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvycdolb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁßfÏNb»1÷ÕçC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvycdolb.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] SVCHSST.exe
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\RunServices: [Microsoft Update Client] videon_32.exe
O4 - HKLM\..\RunServices: [MS Autoloader 32] MSAuto32.exe
O4 - HKLM\..\RunServices: [regsrv] scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft IT Update] SVCHSST.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe
O4 - HKCU\..\Run: [Microsoft Update Client] videon_32.exe
O4 - HKCU\..\Run: [MS Autoloader 32] MSAuto32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1023_FR_XP.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://zephyr.alizes.rapsodie.fr/iNotes6.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_FR_XP.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeFullInstaller.exe
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
O16 - DPF: {8B936702-C234-40D0-B69C-A2F669A33978} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_7_FR_XP.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.cyberamat.com/dialer/sexe.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/604485.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Thanks, because I no longer know what to do.

Here are the reports of the scans you asked me for.
ewido security suite - Rapport de scan
---------------------------------------------------------
+ Créé le: 11:19:40, 01/11/2005
+ Somme de contrôle: 51900104
+ Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{50AD557E-3426-41FD-AFDD-2AF39BB1C387} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{8B936702-C234-40D0-B69C-A2F669A33978} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B936702-C234-40D0-B69C-A2F669A33978} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C771B05E-E725-4516-97A5-4CE5EB163CFB} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bridge.dll\\.Owner -> Spyware.WinFavorites : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bridge.dll\\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/jao.dll\\.Owner -> Spyware.WinFavorites : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/jao.dll\\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGAUTH.dll\\.Owner -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGAUTH.dll\\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/eglivecam_1029.dll\\.Owner -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/eglivecam_1029.dll\\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/eglivecam_1029.dll\\{8B936702-C234-40D0-B69C-A2F669A33978} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LiveService_5.dll\\.Owner -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LiveService_5.dll\\{50AD557E-3426-41FD-AFDD-2AF39BB1C387} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LiveService_7.dll\\.Owner -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LiveService_7.dll\\{8B936702-C234-40D0-B69C-A2F669A33978} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/nethv32.dll\\.Owner -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/nethv32.dll\\{469C7080-8EC8-43A6-AD97-45848113743C} -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/vbiewer.ocx\\.Owner -> Spyware.EliteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/vbiewer.ocx\\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D} -> Spyware.EliteBar : Nettoyer et sauvegarder
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Nettoyer et sauvegarder
HKU\S-1-5-21-436374069-839522115-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607D-D204-42C7-8E46-216055BF9918} -> Spyware.TwainTech : Nettoyer et sauvegarder
HKU\S-1-5-21-436374069-839522115-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Nettoyer et sauvegarder
HKU\S-1-5-21-436374069-839522115-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Nettoyer et sauvegarder
[1716] VM_019E0000 -> Adware.BetterInternet : Erreur durant le nettoyage
[1804] C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Nettoyer et sauvegarder
[408] C:\WINDOWS\system32\gkmkqo.exe -> Trojan.Agent.cp : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\604485.exe -> Dialer.Generic : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\WebInstall.dll -> TrojanDownloader.WebInstall : Nettoyer et sauvegarder
C:\WINDOWS\glhsxw.exe -> Adware.BetterInternet : Nettoyer et sauvegarder
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Nettoyer et sauvegarder
C:\WINDOWS\Passe-partout.exe -> Dialer.Generic : Nettoyer et sauvegarder
C:\WINDOWS\system32\Dfgmmkci.dll -> Backdoor.Padodor : Nettoyer et sauvegarder
C:\WINDOWS\system32\EGAUTH.dll -> Trojan.P2E.ak : Nettoyer et sauvegarder
C:\WINDOWS\system32\gkmkqo.exe -> Trojan.Poler.a : Nettoyer et sauvegarder
C:\WINDOWS\system32\LiveService_7.dll -> TrojanDownloader.Wintrim.cn : Nettoyer et sauvegarder
C:\WINDOWS\temp_update.exe -> Dialer.Generic : Nettoyer et sauvegarder
::Fin du rapport
The one from BitDefender
BitDefender Online Scanner
Scan report generated at: Tue, Nov 01, 2005 - 11:44:55
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 00:09:30
Files: 56154
Folders: 2336
Boot Sectors: 3
Archives: 657
Packed Files: 65
Results
Identified Viruses: 7
Infected Files: 14
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 14
Engines Info
Virus Definitions: 194753
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 2
Archive plugins: 10
Unpack plugins: 1
E-mail plugins: 1
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File - Status
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028043.exe - Infected with: GenPack:Trojan.Agent.AY
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028043.exe - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028043.exe - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028051.exe - Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028051.exe - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028051.exe - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028058.exe - Infected with: GenPack:Trojan.Agent.AY
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028058.exe - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028058.exe - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028064.exe - Infected with: Trojan.Downloader.Agent.AE
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028064.exe - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028064.exe - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028080.exe - Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028080.exe - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028080.exe - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028082.dll - Infected with: Backdoor.Padobot.U
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028082.dll - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028082.dll - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028083.dll - Infected with: Trojan.P2e.AK
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028083.dll - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028083.dll - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028084.dll - Infected with: Trojan.Downloader.Wintrim.CN
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028084.dll - Disinfection failed
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP14\A0028084.dll - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026264.scr - Infected with: Win32.Netsky.P@mm
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026264.scr - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026265.scr - Infected with: Win32.Netsky.P@mm
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026265.scr - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026270.scr - Infected with: Win32.Netsky.P@mm
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026270.scr - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026278.scr - Infected with: Win32.Netsky.P@mm
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026278.scr - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026279.scr - Infected with: Win32.Netsky.P@mm
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026279.scr - Deleted
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026280.scr - Infected with: Win32.Netsky.P@mm
C:\System Volume Information\_restore{5DC80C59-49F1-4A09-B4FE-95487FF3B9A5}\RP5\A0026280.scr - Deleted
and the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 11:23:49, on 01/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C0C0E63-62EB-40D9-AAD1-6DF86D0E9B42} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {660F4CE9-8F5B-4448-A06A-91E8A406B0F3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {67932DD9-E43A-4924-BE91-A8C216523096} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7D720571-96DC-4BFD-8A44-B071FAD080A1} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {80167A3E-8F21-4A5E-8A58-5D1CC75CF437} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {97F071D8-DBB6-48D2-8EA8-D794E3FA32A5} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AF8C9219-B80F-4560-B97F-1E45E4722B00} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BD36B744-2B80-4F78-B073-72D0CE6BF62E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E00EA0FA-83E4-46C7-967C-95E89C533A96} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E4AA2416-0824-4540-BC10-89600569F64C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [Microsoft IT Update] SVCHSST.exe
O4 - HKLM\..\Run: [mswkork Service] msework.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\Run: [Microsoft Update Client] videon_32.exe
O4 - HKLM\..\Run: [MS Autoloader 32] MSAuto32.exe
O4 - HKLM\..\Run: [regsrv] scvhost.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] SVCHSST.exe
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\RunServices: [Microsoft Update Client] videon_32.exe
O4 - HKLM\..\RunServices: [MS Autoloader 32] MSAuto32.exe
O4 - HKLM\..\RunServices: [regsrv] scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft IT Update] SVCHSST.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe
O4 - HKCU\..\Run: [Microsoft Update Client] videon_32.exe
O4 - HKCU\..\Run: [MS Autoloader 32] MSAuto32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://zephyr.alizes.rapsodie.fr/iNotes6.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeFullInstaller.exe
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/604485.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
Thanks for your help