

Everything posted by Ranma
-
Stubborn Zolob virus!
Ranma replied to a topic by Ranma in Malware analysis and removal
Here is the Panda report:

Incident    Status    Location
Spyware:Cookie/Xiti    Not disinfected    C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt[]
Potentially unwanted tool:Application/Processor    Not disinfected    C:\Documents and Settings\fnac\Bureau\Docs divers\smithfraud\SmitfraudFix\SmitfraudFix\Process.exe
Spyware:Cookie/PointRoll    Not disinfected    C:\Documents and Settings\fnac\Cookies\fnac@ads.pointroll[1].txt
Spyware:Cookie/Falkag    Not disinfected    C:\Documents and Settings\fnac\Cookies\fnac@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT    Not disinfected    C:\Documents and Settings\fnac\Cookies\fnac@atdmt[2].txt
Spyware:Cookie/Sextracker    Not disinfected    C:\Documents and Settings\fnac\Cookies\fnac@counter4.sextracker[1].txt
Spyware:Cookie/Sextracker    Not disinfected    C:\Documents and Settings\fnac\Cookies\fnac@sextracker[1].txt
Spyware:Cookie/Weborama    Not disinfected    C:\Documents and Settings\fnac\Cookies\fnac@weborama[2].txt
Spyware:Cookie/Xiti    Not disinfected    C:\Documents and Settings\fnac\Cookies\fnac@xiti[1].txt
Potentially unwanted tool:Application/Winantivirus2006    Not disinfected    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll

There you go, thanks.
-
Stubborn Zolob virus!
Ranma replied to a topic by Ranma in Malware analysis and removal
S. birkoff, here are the reports you asked me for:

ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 23:42:14, 04/04/2006
+ Somme de contrôle: 480BB3DA
+ Résultats du scan:
C:\Documents and Settings\fnac\Cookies\fnac@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
::Fin du rapport

I don't know if this will help you; in any case, thank you for your help!
-
Stubborn Zolob virus!
Ranma replied to a topic by Ranma in Malware analysis and removal
I'm going to follow your advice; it may take a little while, I'll do it as quickly as possible. In any case, thanks again.
-
Stubborn Zolob virus!
Ranma replied to a topic by Ranma in Malware analysis and removal
OK, here is the smithfraud report:

SmitFraudFix v2.27
Rapport fait à 18:56:16,29, 02/04/2006
Executé à partir de C:\Documents and Settings\fnac\Bureau\Docs divers\smithfraud\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\msvol.tlb PRESENT !
C:\WINDOWS\system32\ncompat.tlb PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\fnac\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\fnac\Favoris
C:\Documents and Settings\fnac\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"="Wheel Mouse Optical Driver"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Thanks for your help.
-
Stubborn Zolob virus!
Ranma replied to a topic by Ranma in Malware analysis and removal
As for the process C//: windows32/ nvctrel.exe, it no longer seems to be present, but I must admit I don't understand much of this.
-
Stubborn Zolob virus!
Ranma replied to a topic by Ranma in Malware analysis and removal
S.Birkoff, thanks for your help: I ran an ewido scan:

Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1123561945-1547161642-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1123561945-1547161642-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1123561945-1547161642-725345543-1005\Software\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D} -> Adware.SpyFalcon : Nettoyer et sauvegarder
HKU\S-1-5-21-1123561945-1547161642-725345543-1005_Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D} -> Adware.SpyFalcon : Nettoyer et sauvegarder
:mozilla.7:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
:mozilla.21:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.29:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.31:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.35:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.39:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.40:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.48:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Clickbank : Nettoyer et sauvegarder
:mozilla.50:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.51:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.52:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.53:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.57:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.58:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.71:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.72:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.73:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.74:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.75:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.76:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.80:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.83:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.88:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.89:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.90:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.95:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.106:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.107:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.114:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.115:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.127:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.128:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.129:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.130:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.142:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.145:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder
:mozilla.146:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder
:mozilla.148:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.149:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.150:C:\Documents and Settings\fnac\Application Data\Mozilla\Firefox\Profiles\nbqgu5qd.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@counter9.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\fnac\Cookies\fnac@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 15:09:33, on 02/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Wireless 11Mbps Network\XPFix.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Wiziway\Clicker\TagClick.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\fnac\Bureau\Docs divers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alice] C:\Program Files\Wireless 11Mbps Network\XPFix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Clicker] C:\Program Files\Wiziway\Clicker\TagClick.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6223F7AC-9221-498D-BBAE-8034D7095962}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{D262F96E-029C-4176-9DD0-F6CB0D924C05}: NameServer = 80.118.192.100,80.118.196.36
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\NORMAN\Nvc\BIN\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Well, I don't know what smithfraud is, because several scans have flagged it to me as an infected object, so I'm hesitant to download it again... Thanks for your advice on the rest of the operation.
-
Stubborn Zolob virus!
Ranma replied to a topic by Ranma in Malware analysis and removal
Thanks for your advice, but I'm lost: you are giving me two different pieces of advice. In the end, what should I do? Run another HijackThis scan, or run another AntiVir or Avast scan in safe mode? Thanks for your help.
-
Hello ladies and gentlemen, I have been following this section and the advice given in it in order to solve my virus problem. I therefore followed the recommendations to the letter, namely an AntiVir scan in safe mode and a HijackThis scan in normal mode. I am posting both reports. However, it seems that the zolob trojan virus is still on my machine. I await your advice, if possible:

AntiVir report

Report file date: samedi 1 avril 2006 09:01
Jobname: 'Local Drives'
Scanning for 345627 virus strains and unwanted programs.
Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: fnac
Computer name: FNAC-WN4KNF6VC6

Version informations:
AVSCAN.EXE : 7.0.0.30 536616 21/03/2006 13:48:28
AVSCAN.DLL : 7.0.0.30 40488 21/03/2006 13:48:28
LUKE.DLL : 7.0.0.30 114728 21/03/2006 13:48:28
LUKERES.DLL : 7.0.0.30 25600 21/03/2006 13:48:28
ANTIVIR0.VDF : 6.32.0.60 4323840 27/03/2006 09:11:45
ANTIVIR1.VDF : 6.34.0.105 1669120 01/04/2006 06:22:20
ANTIVIR2.VDF : 6.34.0.106 1536 01/04/2006 06:22:20
ANTIVIR3.VDF : 6.34.0.126 38912 01/04/2006 06:22:20
AVEWIN32.DLL : 7.0.0.3 1167872 28/02/2006 16:06:46
AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:00
AVREP.DLL : 6.34.0.100 2461736 27/03/2006 09:11:50
AVPACK32.DLL : 6.33.0.6 331816 09/01/2006 09:03:37
AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49
NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:49

Start of the scan: samedi 1 avril 2006 09:01

Start scanning boot sectors:
Boot sector 'C:'
  [NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 59 files ).

Starting the file scan:
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Documents and Settings\fnac\NTUSER.DAT
  [WARNING] The file could not be opened!
C:\Documents and Settings\fnac\ntuser.dat.LOG
  [WARNING] The file could not be opened!
C:\Documents and Settings\fnac\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
  [WARNING] The file could not be opened!
C:\Documents and Settings\fnac\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
  [WARNING] The file could not be opened!
C:\Documents and Settings\fnac\Local Settings\Temp\Process.exe
  [DETECTION] Contains signature of the SPR/Processor.20 program
  [INFO] The file was deleted!
C:\Documents and Settings\fnac\Local Settings\Temp\SmitfraudFix.zip
  [0] Archive type: ZIP
  --> SmitfraudFix/Process.exe
  [DETECTION] Contains signature of the SPR/Processor.20 program
  [INFO] The file was deleted!
C:\Documents and Settings\NetworkService\NTUSER.DAT
  [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
  [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
  [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\hpAC8B.tmp
  [DETECTION] Is the Trojan horse TR/Drop.Zlob.GW.1
  [INFO] The file was deleted!
C:\WINDOWS\system32\ldFDB9.tmp
  [DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2
  [INFO] The file was deleted!
C:\WINDOWS\system32\config\default
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
  [WARNING] The file could not be opened!
The path D:\ could not be found!
Le périphérique n'est pas prêt.

End of the scan: samedi 1 avril 2006 13:00
Used time: 3:58:47 min

The scan has been done completely.
3521 Scanning directories
147195 Files were scanned
4 viruses and/or unwanted programs was found
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
766 Archives were scanned
38 Warnings
0 Notes

Logfile of HijackThis v1.99.1
Scan saved at 13:25:47, on 01/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Wireless 11Mbps Network\XPFix.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Wiziway\Clicker\TagClick.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\fnac\Bureau\Docs divers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpAC8B.tmp (file missing)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alice] C:\Program Files\Wireless 11Mbps Network\XPFix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Clicker] C:\Program Files\Wiziway\Clicker\TagClick.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6223F7AC-9221-498D-BBAE-8034D7095962}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{D262F96E-029C-4176-9DD0-F6CB0D924C05}: NameServer = 80.118.192.100,80.118.196.36
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\NORMAN\Nvc\BIN\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe