Bloodhound.W32.EP virus

XpressX
I am infected by the
Bloodhound.W32.EP virus

What should I delete?

Here is my report. Thanks.



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:08:21, on 19/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesFichiers communsSymantec
SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesFichiers communsSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNorton Internet SecurityNorton AntiVirusavapsvc.exe
C:WINDOWSsystem32vsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32RunDLL32.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program
FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesScanWizard 5ScannerFinder.exe
C:Program FilesWindows Desktop SearchWindowsSearch.exe
C:WINDOWSsystem32IcoSauve.exe
C:Program FilesXfirexfire.exe
C:Program FilesWindows Desktop SearchWindowsSearchIndexer.exe
C:Program FilesFichiers communsLogitechkhalsharedKHALMNPR.EXE
C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
C:Program FilesMSN Messengerusnsvc.exe
C:PROGRA~1NORTON~1NORTON~1avw32.exe
C:Program FilesWindows Desktop SearchWindowsSearchFilter.exe
C:Program FilesMicrosoft ActiveSyncWcescomm.exe
C:PROGRA~1MI3AA1~1apimgr.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Aware SE ProfessionalAd-Aware.exe
C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesFichiers communsMicrosoft SharedWindows
LiveWLLoginProxy.exe
C:Documents and SettingspascalLocal SettingsTemporary Internet
FilesContent.IE5NESE7ECKHiJackThis_v2[1].exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.google.fr/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://www.google.fr
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.windowsxlive.net
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.windowsxlive.net
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://www.google.fr/ie
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) =
http://www.google.fr/search?q=%s
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program
FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} -
C:Program FilesWindows Desktop SearchdsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.6.0binssv.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers
communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program
filesgooglegoogletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program
FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesFichiers
communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..RunOnce: [nltide1] cmd.exe /C move /Y
"%SystemRoot%System32syssetub.dll" "%SystemRoot%System32syssetup.dll"
(User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..RunOnce: [nltide2] cmd.exe /C rundll32
advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..RunOnce: [nltide1] cmd.exe /C move /Y
"%SystemRoot%System32syssetub.dll" "%SystemRoot%System32syssetup.dll"
(User 'SERVICE RÉSEAU')
O4 - Startup: IcoSauve.lnk = C:WINDOWSsystem32IcoSauve.exe
O4 - Startup: Xfire.lnk = C:Program FilesXfirexfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Scanner Finder.lnk = C:Program FilesScanWizard
5ScannerFinder.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:Program FilesWindows
Desktop SearchWindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.6.0binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.6.0binssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network
Diagnosticxpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
C:Program FilesYahoo!Commonyinsthelper.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
Symantec Corporation - C:Program FilesNorton Internet
SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:Program FilesFichiers communsSymantec SharedccSvcHst.exe (file
missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program
FilesNorton Internet SecuritycomHost.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique
(dmadmin) - Unknown owner - C:WINDOWSSystem32dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner -
C:WINDOWSsystem32services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program
FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown
owner - C:WINDOWSsystem32imapi.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown
owner - C:Program FilesFichiers communsSymantec SharedccSvcHst.exe (file
missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program
FilesFichiers communsSymantec
SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown
owner - C:WINDOWSsystem32mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusavapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSecurity
ConsoleNSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSsystem32vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner -
C:WINDOWSsystem32services.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance
(RDSessMgr) - Unknown owner - C:WINDOWSsystem32sessmgr.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program
FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner -
C:WINDOWSSystem32SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
Software - C:Program FilesAlcohol SoftAlcohol
120StarWindStarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program
FilesFichiers communsSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown
owner - C:WINDOWSsystem32smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner -
C:WINDOWSSystem32vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner -
C:WINDOWSsystem32wbemwmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media
(WMPNetworkSvc) - Unknown owner - C:Program FilesWindows Media
PlayerWMPNetwk.exe

--
End of file - 12481 bytes
Your replies
f-11823
#1661328
"XpressX" 46275cef$0$25917$

Hello,

I am infected by the
Bloodhound.W32.EP virus

What should I delete?


http://www.hijackthis.de/fr

WARNING: analysis done by a robot; you can remove all the fuzzy ones, OK?

The rest is to be looked at later

--
ber

f11bfv
#1661327
"XpressX" 46275cef$0$25917$
I am infected by the
Bloodhound.W32.EP virus

What should I delete?

See here too, oops!!

http://www.secuser.com/faq/virus/index.htm#bloodhound

Mihamina (R12y) Rakotomandimby
#1661326
f11bfv -
See here too, oops!!

You can _also_ issue a cancel or a supersedes for your post:
http://www.usenet-fr.net/fur/comp/usenet/annulation.html

f-11823
#1661325
"Mihamina (R12y) Rakotomandimby" in news message: 1499121.

You can _also_ issue a cancel or a supersedes for your post:
http://www.usenet-fr.net/fur/comp/usenet/annulation.html

Yes, thanks
