Virus firstadsolution - help

Run ewido and post the report here, then post a new HijackThis log so we can see whether the lines are still present.


ewido anti-malware - Rapport de scan

  • Créé le: 17:48:47, 18/06/2006

  • Somme de contrôle: 430AFC8F

  • Résultats du scan:

    C:\Documents and Settings\Eliz’\Cookies\eliz’@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
    C:\Documents and Settings\Eliz’\Cookies\eliz’@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
    C:\Documents and Settings\Eliz’\Cookies\eliz’@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
    C:\Documents and Settings\Eliz’\Cookies\eliz’@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
    C:\Documents and Settings\Eliz’\Cookies\eliz’@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder

::Fin du rapport

Logfile of HijackThis v1.99.1
Scan saved at 18:17:29, on 18/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\Trend Micro\Internet security\tmproxy.exe
D:\Trend Micro\Internet security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\fxredir.exe
D:\Trend Micro\Internet security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Trend Micro\Internet security\pccguide.exe
D:\Trend Micro\Internet security\PCClient.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Trend Micro\Internet security\Tmntsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eliz’\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [VTTimer] VTTimer.exe
O4 - HKLM\…\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\…\Run: [TM Outbreak Agent] "D:\Trend Micro\Internet security\TMOAgent.exe" /run
O4 - HKLM\…\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\…\Run: [pccguide.exe] "D:\Trend Micro\Internet security\pccguide.exe"
O4 - HKLM\…\Run: [PCClient.exe] "D:\Trend Micro\Internet security\PCClient.exe"
O4 - HKLM\…\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe I
O4 - HKLM\…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\…\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\…\Run: [first the] C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\Morewindowdvd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\…\{680FE91D-2A4F-43DE-B175-EDCF02255F06}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\PccPfw.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\tmproxy.exe

Delete the following lines:

O4 - HKCU\…\Run: [first the] C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\Morewindowdvd.exe

Then check that it has indeed disappeared.
Next, delete the folder
C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\
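The triage the helper is doing by eye above (which O4 autostart entries look out of place) can be scripted; the following is an added Python example, not code from this thread or from HijackThis. Its sample lines are constructed from the log above using straight quotes and HijackThis's own `HKLM\..\Run` spelling (the forum rendered it as `HKLM\…\Run`; both forms are accepted), and it flags entries launched from a user profile's Application Data directory, as the [first the] entry is.

```python
import re

# Constructed sample: O4 autostart entries taken from the HijackThis log above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r'O4 - HKLM\..\Run: [TM Outbreak Agent] "D:\Trend Micro\Internet security\TMOAgent.exe" /run',
    r"O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe I",
    r"O4 - HKCU\..\Run: [first the] C:\DOCUME~1\Eliz'\APPLIC~1\Shimeq\Morewindowdvd.exe",
    r"O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe",
]

# Run-key form (HKLM/HKCU, with ".." or the forum's ellipsis) and Startup-folder form of an O4 line.
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\(?:\.\.|…)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
PROFILE_DIR = re.compile(r"\\(?:Documents and Settings|DOCUME~1)\\", re.IGNORECASE)
APPDATA_DIR = re.compile(r"\\(?:Application Data|APPLIC~1)\\", re.IGNORECASE)


def exe_path(cmd):
    """Pull the launched executable out of an O4 command line (quoted or not)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def audit_o4(lines):
    """Return [(name, path, reasons)] for every O4 entry, most suspicious first."""
    results = []
    for line in lines:
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if not m:
            continue
        path, reasons = exe_path(m["cmd"]), []
        if "\\" not in path:
            reasons.append("bare file name, resolved through PATH")
        if PROFILE_DIR.search(path):
            reasons.append("runs from a user profile, not Program Files or Windows")
        if APPDATA_DIR.search(path):
            reasons.append("runs from Application Data (user-writable, no installer needed)")
        if m["hive"] == "HKCU" and reasons:
            reasons.append("per-user HKCU Run key (can be set without admin rights)")
        if m["hive"] in ("HKLM", "HKCU") and " " in path and not m["cmd"].startswith('"'):
            reasons.append("unquoted path containing spaces")
        results.append((m["name"], path, reasons))
    # Stable sort: entries with the most findings first, log order otherwise.
    return sorted(results, key=lambda r: len(r[2]), reverse=True)


if __name__ == "__main__":
    for name, path, reasons in audit_o4(SAMPLE_O4_LINES):
        print(f"[{name}] {path}: {'; '.join(reasons) or 'nothing unusual'}")
```

The entry with the most findings is the one the helper singled out; legitimate entries such as the Trend Micro agent and the DSLMON shortcut come back with none.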

I can't delete that folder because of the morewindowdvd.exe application that's inside it… I was able to delete everything else.

OK, I managed it! Problem solved!
Thanks :clap: