Everything posted by syntax

  1. Hi Tornado, as for Killbox, I did run it in safe mode; if I remember correctly, I even tried several times, but I have the impression that the software just made a copy of the infected file, so that I had several infected files detected by Antivir (the original one and the others in the Killbox directory). Otherwise, as for the Baidu taskbar, I am happy to remove it if it carries risks. What should I do? Where are you with your procedure? See you
  2. Good evening, I am new to the forum. I need your help because I have been infected by the Trojan horse "hacktool rootkit". It is the file C:\WINDOWS\system32\drivers\BDGuard.SYS that was infected. I tried several things such as Killbox, but without success. I have Norton as my antivirus. Following your procedure, I scanned my disk with Antivir and then HijackThis. Antivir says it removed ("deleted") the infected file, but I still find it on my PC. Here is the Antivir scan report; the HijackThis one will follow later in this mail:
     And here now is the HijackThis report:

     Thanks in advance