7 replies
Kristopher
Posts
3731
Registration date
Friday 18 November 2005
Status
Contributor
Last activity
10 July 2009
105
27 Feb 2006 at 23:10
Good evening Catherine,
I can see straight away that you don't have the latest version of HijackThis.
1/ Scan your PC with this online antivirus:
http://www.bitdefender.com/scan8/ie.html
Click "I Agree" and scan the whole PC.
Copy/paste the report to the forum.
Remember to accept the ActiveX control blocked by the SP2 anti-popup bar (it will flash at the top).
2/ Download HijackThis: http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/29061.html
- Install it in its own folder.
For example, C:\HijackThis
Choose the option "do a scan and a logfile"; it will generate a report for you, copy and paste it to the forum.
Watch the demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Good night.
aranjuez31
Posts
8047
Registration date
Monday 7 November 2005
Status
Contributor
Last activity
9 July 2006
354
28 Feb 2006 at 04:19
hello
careful
2 firewalls!!
Personal Firewall V9 & Trend Micro Personal Firewall
so some cleaning up to do
disable for the scan:
TeaTimer.exe from Spybot
Kristopher
Posts
3731
Registration date
Friday 18 November 2005
Status
Contributor
Last activity
10 July 2009
105
28 Feb 2006 at 09:26
Hi ara,
I don't know about you, but I don't see only the problem of the two installed firewalls; there are also infections and updates to be done!!
I haven't looked at her log in full; I focused specifically on the beginning.
So I think a preliminary online scan won't hurt, followed by a new log with the latest version of HijackThis.
Your last post was at 04:46, so I think you must still be asleep.
Good night.
aranjuez31
Posts
8047
Registration date
Monday 7 November 2005
Status
Contributor
Last activity
9 July 2006
354
28 Feb 2006 at 18:52
re kris
we agree
first we need to clean up as much as possible with simple solutions
before tackling the hijack
yes, I saw 1.99.0 instead of 1.99.1, her version is obsolete
stayed up late last night on a memory or hard-disk problem, or even both together - a big mess, basically!
Hello,
Sorry for the delay, but I'm having a lot of trouble connecting to the Internet.
Here is the Bitdefender report (but I forgot to disable the pop-up blocker):
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:18:55
Files: 245189
Folders: 3387
Boot Sectors: 2
Archives: 2868
Packed Files: 28948

Results
Identified Viruses: 24
Infected Files: 32
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 29

Engines Info
Virus Definitions: 289403
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Infected with: Backdoor.RBot.28AF9287
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Deleted
C:\msnupdatess.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\SYSTEM32\o
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\o
Disinfection failed
C:\WINDOWS\SYSTEM32\o
Delete failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Deleted
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Deleted
C:\WINDOWS\SYSTEM32\TFTP1332
Infected with: Backdoor.Sdbot.MA
C:\WINDOWS\SYSTEM32\TFTP1332
Disinfection failed
C:\WINDOWS\SYSTEM32\TFTP1332
Deleted
C:\WINDOWS\SYSTEM32\c.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\c.bat
Deleted
C:\WINDOWS\SYSTEM32\.pif
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.pif
Deleted
C:\WINDOWS\SYSTEM32\1.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\1.bat
Deleted
C:\WINDOWS\SYSTEM32\i
Suspected of: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\i
Disinfection failed
C:\WINDOWS\SYSTEM32\i
Deleted
C:\WINDOWS\SYSTEM32\mpsys.exe
Infected with: Trojan.Dropper.Juntador.E
C:\WINDOWS\SYSTEM32\mpsys.exe
Deleted
C:\WINDOWS\SYSTEM32\.a
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.a
Deleted
C:\WINDOWS\SYSTEM32\SVKP.sys
Infected with: Backdoor.Rbot.CBD
C:\WINDOWS\SYSTEM32\SVKP.sys
Disinfection failed
C:\WINDOWS\SYSTEM32\SVKP.sys
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Infected with: Trojan.Flood.22016
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Detected with: Application.SlimFTP.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Infected with: Virtool.Xscan.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Infected with: MemScan:Virtool.HiddenRun.B
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Detected with: Application.Sniffer.DaSniff
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Infected with: Virtool.Xscan.Plugin
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Infected with: IRC-Worm.Randon.T
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Infected with: Backdoor.SDBot.838A8352
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Deleted
C:\WINDOWS\SYSTEM32\perfont.exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\perfont.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\perfont.exe
Delete failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
C:\WINDOWS\SYSTEM32\down.com
Infected with: Trojan.Dropper.Dos.Rute.D
C:\WINDOWS\SYSTEM32\down.com
Disinfection failed
C:\WINDOWS\SYSTEM32\down.com
Deleted
C:\WINDOWS\win32ssr.exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\win32ssr.exe
Disinfection failed
C:\WINDOWS\win32ssr.exe
Delete failed
C:\WINDOWS\HELP\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\HELP\Tours\van32.exe
Disinfection failed
C:\WINDOWS\HELP\Tours\van32.exe
Deleted
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Deleted
C:\U.exe
Infected with: Trojan.Mutech.E
C:\U.exe
Disinfection failed
C:\U.exe
Deleted
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Infected with: Trojan.Win95.Flashkiller
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Disinfection failed
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Backdoor.RBot.3DFE4021
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.DU
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Disinfection failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
And here is the Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 22:07:12, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\win32ssr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP Client autorisé\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [System Service] real.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [System Service] real.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\OFFICE\1036\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)
Thank you for your help.
Désolée du retard mais j'ai beaucoup de problèmes pour me connecter à Internet.
Voici le rapport Bitdefender (mais j'ai oublié de désactiver l'anti pop-up) :
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
01:18:55
Files
245189
Folders
3387
Boot Sectors
2
Archives
2868
Packed Files
28948
Results
Identified Viruses
24
Infected Files
32
Suspect Files
1
Warnings
0
Disinfected
0
Deleted Files
29
Engines Info
Virus Definitions
289403
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Infected with: Backdoor.RBot.28AF9287
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Deleted
C:\msnupdatess.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\SYSTEM32\o
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\o
Disinfection failed
C:\WINDOWS\SYSTEM32\o
Delete failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ST2NKT23\rp5[1].exe
Deleted
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Disinfection failed
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01KH2LCP\tds[1].exe
Deleted
C:\WINDOWS\SYSTEM32\TFTP1332
Infected with: Backdoor.Sdbot.MA
C:\WINDOWS\SYSTEM32\TFTP1332
Disinfection failed
C:\WINDOWS\SYSTEM32\TFTP1332
Deleted
C:\WINDOWS\SYSTEM32\c.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\c.bat
Deleted
C:\WINDOWS\SYSTEM32\.pif
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.pif
Deleted
C:\WINDOWS\SYSTEM32\1.bat
Infected with: Backdoor.BotGet.FtpA.Gen
C:\WINDOWS\SYSTEM32\1.bat
Deleted
C:\WINDOWS\SYSTEM32\i
Suspected of: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\i
Disinfection failed
C:\WINDOWS\SYSTEM32\i
Deleted
C:\WINDOWS\SYSTEM32\mpsys.exe
Infected with: Trojan.Dropper.Juntador.E
C:\WINDOWS\SYSTEM32\mpsys.exe
Deleted
C:\WINDOWS\SYSTEM32\.a
Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\SYSTEM32\.a
Deleted
C:\WINDOWS\SYSTEM32\SVKP.sys
Infected with: Backdoor.Rbot.CBD
C:\WINDOWS\SYSTEM32\SVKP.sys
Disinfection failed
C:\WINDOWS\SYSTEM32\SVKP.sys
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Infected with: Trojan.Flood.22016
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Detected with: Application.SlimFTP.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Infected with: Virtool.Xscan.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Infected with: MemScan:Virtool.HiddenRun.B
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Detected with: Application.Sniffer.DaSniff
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Infected with: Virtool.Xscan.Plugin
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Infected with: IRC-Worm.Randon.T
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Infected with: Backdoor.SDBot.838A8352
C:\WINDOWS\SYSTEM32\ntvdmn.exe
Deleted
C:\WINDOWS\SYSTEM32\perfont.exe
Infected with: Trojan.Mutech.E
C:\WINDOWS\SYSTEM32\perfont.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\perfont.exe
Delete failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
C:\WINDOWS\SYSTEM32\down.com
Infected with: Trojan.Dropper.Dos.Rute.D
C:\WINDOWS\SYSTEM32\down.com
Disinfection failed
C:\WINDOWS\SYSTEM32\down.com
Deleted
C:\WINDOWS\win32ssr.exe
Infected with: Backdoor.SDBot.AMV
C:\WINDOWS\win32ssr.exe
Disinfection failed
C:\WINDOWS\win32ssr.exe
Delete failed
C:\WINDOWS\HELP\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\HELP\Tours\van32.exe
Disinfection failed
C:\WINDOWS\HELP\Tours\van32.exe
Deleted
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\HELP\Tours\dat\nt_user.dic
Deleted
C:\U.exe
Infected with: Trojan.Mutech.E
C:\U.exe
Disinfection failed
C:\U.exe
Deleted
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Infected with: Trojan.Win95.Flashkiller
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Disinfection failed
C:\Program Files\QuarkXPress Passport\SETUP\INSTALL.EXE
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Backdoor.RBot.3DFE4021
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.DU
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Disinfection failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
Et voici le log Hijack :
Logfile of HijackThis v1.99.1
Scan saved at 22:07:12, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\msnservex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\win32ssr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP Client autorisé\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [System Service] real.exe
O4 - HKLM\..\Run: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnservex.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [System Service] real.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnservex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\OFFICE\1036\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)
Thank you for your help.
aranjuez31
Posts: 8047
Registration date: Monday 7 November 2005
Status: Contributor
Last activity: 9 July 2006
354
2 March 2006 at 20:38
Hi again,
1/ IE needs to be updated via Windows Update - your version is obsolete
2/ Fix these lines:
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125517162534
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
3/ Start + Run + type services.msc + OK
In the drop-down menu, look for
"Win32Sr"
"Windows HWinfo Loader "
and disable these 2 programs
4/ The audit continues after I have eaten
aranjuez31
Posts: 8047
Registration date: Monday 7 November 2005
Status: Contributor
Last activity: 9 July 2006
354
3 March 2006 at 02:00
Run this again:
http://www.bitdefender.fr/bd/site/search.php#
so that I know what is left to remove.
Paste the report, of course.
Good evening,
Here is the BitDefender report:
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 01:15:14
Files: 245632
Folders: 3398
Boot Sectors: 2
Archives: 2891
Packed Files: 28973
Results
Identified Viruses: 15
Infected Files: 15
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 15
Engines Info
Virus Definitions: 292665
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Infected with: Backdoor.RBot.28AF9287
C:\msnupdatess.exe=>(CAB Sfx r)=>newpec.exe
Deleted
C:\msnupdatess.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Infected with: Virtool.HiddenRun.C
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\van32.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Infected with: Trojan.Flood.22016
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\eoputr.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Detected with: Application.SlimFTP.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\ipcfg.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Infected with: Virtool.Xscan.A
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\roudstid.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Infected with: MemScan:Virtool.HiddenRun.B
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\repcale.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Detected with: Application.Sniffer.DaSniff
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\orrl.exe
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Infected with: Virtool.Xscan.Plugin
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\plugin\090-ntpass.xpn
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Infected with: Trojan.Mirc.Flood.J
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\dat\nt_user.dic
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Infected with: IRC-Worm.Randon.T
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Disinfection failed
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)=>help\Tours\coder.sus
Deleted
C:\WINDOWS\SYSTEM32\ver.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Infected with: Backdoor.RBot.1ED74066
C:\WINDOWS\SYSTEM32\msnservex.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\msnservex.exe
Delete failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
Infected with: Backdoor.SDBot.AMV
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT=>(Embedded EXE g)
Deleted
C:\Program Files\Trend Micro\Internet Security 12\backup\S\50831001.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Backdoor.RBot.3DFE4021
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Dyfuca.DU
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Disinfection failed
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT=>(Embedded EXE g)
Deleted
C:\Documents and Settings\HP Client autorisé\Mes documents\tsc\backup\T\50202000.DAT
Update failed