Trojan horse

yoyoazer Posts 37 Status Member -
dragon592004 Posts 49 Status Member -
Please help me with this problem

19 replies

regis59
 
Asked like that, I think you have every chance of getting answers!!
0
yoyoazer Posts 37 Status Member 2
 
How can I fix this problem? Thanks in advance
0
regis59
 
Hi,
You may be shy, or you may be slow at typing, but don't you think that if you described your problem a bit more, our research would be better targeted, which would let us solve your problem quickly and effectively?

If you want, I'll help you!!
Which operating system?
Do you have a firewall?
Do you have Spybot and/or Ad-Aware?
What is your antivirus?
What is reporting this trojan?

There, I've pointed you in the right direction, now answer me these

Thanks, good luck
0
yoyoazer Posts 37 Status Member 2
 
1- XP
2- Norton AntiVirus
3-
Object name: c\windows\systeme32\nfip.exe
Virus name: trojan horse
Action taken: unable to repair this file
I pressed OK

Object name: c\windows\systeme32\nfip.exe
Virus name: trojan horse
Action taken: access to the file was denied
OK

Object name: c\windows\appgz.exe
Virus name: trojan horse
Action taken: unable to repair this file
OK
Object name: c\windows\appgz.exe
Virus name: trojan horse
Action taken: access to the file was denied
OK
4- No Spybot, and I don't know what a firewall is,
latest scan

0

yoyoazer Posts 37 Status Member 2
 
I'm waiting for your help, please, and thank you very much
0
regis59
 
OK, it's hard to follow what you are saying, is that normal?

So do this first:
run a scan at RAV:
http://www.ravantivirus.com/scan/

Click on "To continue without subscribing click here" and wait a few minutes.
When "Ready" is displayed under "status", tick the "Autoclean" box, then click on "Scan my PC"
At the end of the scan, copy/paste the report here
0
Troell Posts 71 Status Member 6
 
Empty your temp files and Temporary Internet Files for all users
use this to do it
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
-------------
install this, update, and scan everything it finds:

Ad-Aware:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

The French patch for Ad-Aware:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

Spybot:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

--------------------------------------------------------------------------
run a scan at RAV:
http://www.ravantivirus.com/scan/

Click on "To continue without subscribing click here" and wait a few minutes.
When "Ready" is displayed under "status", tick the "Autoclean" box, then click on "Scan my PC"
At the end of the scan, copy/paste the report here

download HijackThis:
http://www.merijn.org/files/hijackthis.zip
Unzip it into a folder set aside for it.
For example C:\hijackthis
run it, then:
click on "do a system scan and save logfile" and nothing else
copy and paste the entire log here

Troell
0
yoyoazer
 
Scan started at 04/19/2005 17:25:01

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\Adulti.exe - Trojan:Win32/Dialer.B -> Infected
C:\WINDOWS\DirectX.log->ADS:tvwkae - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\jydng.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\KB823559.log->ADS:eafwxa - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\KB842773.log->ADS:hifytv - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\lhoyh.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q811630.log->ADS:nwbpjw - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\wdzhv.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_default.pif->ADS:cjgtwk - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\system32\gigay.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\system32\kyqwx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

Scanned
============================
Objects: 35474
Directories: 4635
Archives: 935
Size(Kb): -1653965
Infected files: 1

Found
============================
Viruses found: 1
Suspicious files: 10
Disinfected files: 0
Mail files: 95
0
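The RAV report above mixes whole-file detections with detections reported inside a file (`->ADS:name`, read here as an NTFS alternate data stream attached to the named host file). As an added example that is not part of the original thread, this Python parser separates the two kinds and checks the listed detections against the report's own totals; the mapping of "Infected"/"Suspicious" to the totals is an assumption that matches the reports posted on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Detection lines and totals copied from the first RAV report posted in this thread.
REPORT = r"""Scanning files...
C:\WINDOWS\Adulti.exe - Trojan:Win32/Dialer.B -> Infected
C:\WINDOWS\DirectX.log->ADS:tvwkae - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\jydng.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\KB823559.log->ADS:eafwxa - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\KB842773.log->ADS:hifytv - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\lhoyh.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\Q811630.log->ADS:nwbpjw - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\wdzhv.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\_default.pif->ADS:cjgtwk - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\system32\gigay.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
C:\WINDOWS\system32\kyqwx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

Found
============================
Viruses found: 1
Suspicious files: 10
Disinfected files: 0
"""

# "<path>[-><sub-object>] - <threat name> -> <status>"
LINE = re.compile(
    r"^(?P<path>.+?)(?:->(?P<sub>\S+))? - (?P<threat>\S+) -> (?P<status>\w+)$"
)
COUNT = re.compile(
    r"^(?P<key>Viruses found|Suspicious files|Disinfected files):\s*(?P<n>\d+)$"
)


@dataclass(frozen=True)
class Detection:
    host: str           # the file that exists on disk
    sub: Optional[str]  # "ADS:name", "(OBJECT0000)", or None for the file itself
    threat: str
    status: str

    @property
    def kind(self) -> str:
        if self.sub is None:
            return "file"
        # Assumption: "ADS:" marks an alternate data stream; any other suffix
        # is treated as an object embedded in the host file.
        return "ads" if self.sub.startswith("ADS:") else "embedded"


def parse_report(text):
    """Return (detections, totals) from the text of a RAV online scan report."""
    detections, totals = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m:
            detections.append(
                Detection(m["path"], m["sub"], m["threat"], m["status"])
            )
            continue
        c = COUNT.match(line)
        if c:
            totals[c["key"]] = int(c["n"])
    return detections, totals


def split_by_kind(detections):
    """Group detections so whole files and stream/embedded hits are kept apart."""
    groups = {"file": [], "ads": [], "embedded": []}
    for d in detections:
        groups[d.kind].append(d)
    return groups


def reconcile(detections, totals):
    """List (status, lines_seen, total_reported) where the report disagrees with itself."""
    seen = Counter(d.status for d in detections)
    expected = {
        "Infected": totals.get("Viruses found"),
        "Suspicious": totals.get("Suspicious files"),
    }
    return [
        (status, seen.get(status, 0), n)
        for status, n in expected.items()
        if n is not None and seen.get(status, 0) != n
    ]


if __name__ == "__main__":
    dets, totals = parse_report(REPORT)
    for kind, items in split_by_kind(dets).items():
        print(kind, len(items))
        for d in items:
            print("   ", d.host, d.sub or "", d.threat, d.status)
    print("mismatches:", reconcile(dets, totals))
```

A truncated paste shows up as a non-empty `reconcile` result, which is a quick way to spot a report that was not copied in full.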
yoyoazer Posts 37 Status Member 2
 
Here is the scan, what do you say? Thanks in advance, please
0
yoyoazer Posts 37 Status Member 2
 
Logfile of HijackThis v1.99.1
Scan saved at 18:02:14, on 04/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

0
yoyoazer Posts 37 Status Member 2
 
Thanks, and I'm waiting for your reply because I am really bothered by this virus
0
regis59
 
Hi,

delete what is in bold!
C:\WINDOWS\Adulti.exe
C:\WINDOWS\DirectX.log
C:\WINDOWS\jydng.dll
C:\WINDOWS\KB823559.log
C:\WINDOWS\KB842773.log
C:\WINDOWS\lhoyh.dll
C:\WINDOWS\Q811630.log
C:\WINDOWS\wdzhv.dll
C:\WINDOWS\_default.pif
C:\WINDOWS\system32\gigay.dll
C:\WINDOWS\system32\kyqwx.dll

then run Ad-Aware + Spybot; redo a scan with RAV to check

See you
0
yoyoazer Posts 37 Status Member 2
 
"then run Ad-Aware + Spybot": what do you mean? I didn't understand
I installed Spybot - Search & Destroy; it did not finish the repair, it tells me:
the application or DLL C:\WINDOWS\Systeme32\msegcompicl.dll is not a valid Windows image. Check this against your installation diskette. And thanks in advance
0
yoyoazer Posts 37 Status Member 2
 
regis59, thanks for your help, but this problem is still there
I have now run the scan; I'll send it as soon as it finishes
0
yoyoazer Posts 37 Status Member 2
 
Scan started at 04/19/2005 22:09:20

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\AZAHAQ\Local Settings\Temporary Internet Files\Content.IE5\O9EVCPMN\closer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected

Scanned
============================
Objects: 34599
Directories: 3028
Archives: 1276
Size(Kb): -590873
Infected files: 1

Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0
Mail files: 98
0
regis59
 
Hi again,
empty your temp files and Temporary Internet Files for all users
use this to do it
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe

then do it manually:
go to Internet Options and click on delete cookies + temp files + history!

and redo a scan right away!
0
yoyoazer Posts 37 Status Member 2
 
OK, and thanks
0
yoyoazer Posts 37 Status Member 2
 
Scanned
============================
Objects: 34599
Directories: 3028
Archives: 1276
Size(Kb): -590873
Infected files: 0

Found
============================
Viruses found: 0
Suspicious files: 0
Disinfected files: 0
Mail files: 97
0
yoyoazer Posts 37 Status Member 2
 
But the problem is still there, thanks
0
dragon592004 Posts 49 Status Member 1
 
Hi yoyoazer, do as regis59 told you
delete what is in bold!
C:\WINDOWS\Adulti.exe
C:\WINDOWS\DirectX.log
C:\WINDOWS\jydng.dll
C:\WINDOWS\KB823559.log
C:\WINDOWS\KB842773.log
C:\WINDOWS\lhoyh.dll
C:\WINDOWS\Q811630.log
C:\WINDOWS\wdzhv.dll
C:\WINDOWS\_default.pif
C:\WINDOWS\system32\gigay.dll
C:\WINDOWS\system32\kyqwx.dll

then run Ad-Aware + Spybot; redo a scan with RAV to check; disconnect from the Internet
the trojan horse is a file-downloading Trojan horse (trojan horse downloader). Also try in safe mode
0