win32/boxed.DX
Forum Sécurité - Virus : win32/boxed.DX
salut j'ai un probleme depuis deja quelques temps ... mon antivirus detecte toutes les 20 minutes environs un programme nommer "win32/boxed.DX" et a chaque fois il le supprime mais il revient !
comment s'en debarasser ?
Message édité par Florp le 25-09-2006 à 19:06:06
et maintenent Win/crusc.V s'ajoute au au virus !!!
Bonsoir,
Télécharge le programme >>Hijackthis 1.99.1<<
- Dézippe-le et mets-le dans un dossier specifique (exemple : ..\Bureau\Hijackthis\Hijackthis.exe )
- Renomme le fichier HijackThis.exe par exemple en Scanner.exe
(le renommer permet de faire apparaître des infections qui se cachent dès qu'elles détecte HijackThis.exe)
- Lance Scanner.exe
- Clique sur "Do a system scan and save a logfile" et poste le rapport avec copier/coller
Répondre à esteban54
Logfile of HijackThis v1.99.1
Scan saved at 20:46:18, on 25/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Bureau\sanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31BC71B2-42D9-400F-8F6B-FAA1C576B72C}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{31BC71B2-42D9-400F-8F6B-FAA1C576B72C}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
Re,
1/ Télécharge et installe CCleaner
2/ Télécharge et installe ewido
Mets-le à jour (Bouton Update en haut puis bouton Start Update)
3/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
4/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
5/ Assure-toi que tu as accès aux fichiers cachés.
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ->coché
"Masquer les extensions des fichiers dont le type est connu" ->décoché
"Masquer les fichiers protégés du système d'exploitation" ->décoché)
6/ ensuite supprime les fichiers et/ou dossiers suivants si présents :
C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\Suchspur.dll
7/ Lance CCleaner puis bouton Analyse ensuite Bouton Lancer le Nettoyage
8/ Lance ewido :
Bouton Scanner
Puis onglet Settings
Dans la section How to Act, clique sur Recommanded Actions. Sélectionne Quarantine.
Reviens à l'onglet Scan. Clique sur "Complete System Scan"
A la fin du scan, choisis l'option "Apply All Actions" en bas.
Clique sur "Save Report", puis "Save Report As" afin de sauvegarder le rapport sur le bureau.
9/ Redémarre normalement, poste le rapport d'ewido ainsi qu'un nouveau rapport HijackThis.
Répondre à esteban54
Logfile of HijackThis v1.99.1
Scan saved at 18:32:46, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\COMPAQ~1.FLO\LOCALS~1\Temp\71exmodul32d.5.exe
C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Bureau\sanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31BC71B2-42D9-400F-8F6B-FAA1C576B72C}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{31BC71B2-42D9-400F-8F6B-FAA1C576B72C}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
____________________________________________________________
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:31:21 26/09/2006
+ Scan result:
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\Cache\FD7DCF95d01 -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Bureau\backups\backup-20060926-174244-556.dll -> Adware.Stud : Error during cleaning.
C:\RECYCLER\S-1-5-21-329208656-3122602561-416316172-1008\Dc3\backup-20060926-174244-556.dll -> Adware.Stud : Cleaned with backup (quarantined).
C:\Program Files\vmntoolbar\uninstall.exe -> Adware.VMN : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Cookies\compaq_propriétaire@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Application Data\Mozilla\Firefox\Profiles\mijodqxg.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7y2ayqk2.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
il reste ça :
C:\DOCUME~1\COMPAQ~1.FLO\LOCALS~1\Temp\71exmodul32d.5.exe
1/ Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
2/ Redémarre en mode sans échec.
3/ Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse-la ouverte.
4/ Vide ce dossier :
C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Local Settings\Temp\
5/ Redémarre normalement et poste :
- le rapport clean situé ici : C:\rapport_clean.txt
- un nouveau rapport HJT.
Répondre à esteban54
Logfile of HijackThis v1.99.1
Scan saved at 20:14:22, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Propriétaire.FLORIAN\Bureau\sanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31BC71B2-42D9-400F-8F6B-FAA1C576B72C}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{31BC71B2-42D9-400F-8F6B-FAA1C576B72C}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe (file missing)
sa a l'air d'etre un sacré virus ! mais je te remercie de ton aide !
et le rapport C:\rapport_clean.txt stp
Répondre à esteban54
Script clean par Malekal_morte - http://www.malekal.com
Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des clefs du registre effectuee..
Plus rien d'infectieux dans ce rapport.
as-tu encore des dysfonctionnements ?
Répondre à esteban54
Non aucune detection de mon antivirus depuis que j'ai fait la derniere manipe !
merci beaucoup ! et si il reaparait je posterai ici !
Il y a 1620 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
