Antivirus Gold problem!

Solved/Closed
seb028 Posts 1 Status Member -  
balltrap34 Posts 16241 Status Security contributor -
Hello,
I have just been infected by Antivirus Gold, with the black desktop background and the white cross on a red circle that directs me to an IE link for Antivirus Gold.
How can I remove it?

Thanks for your replies!

Seb
25 replies

ness
 
Hi Nicolas,

for someone to be able to help you, you need to post a request in the general forum and attach your HijackThis log!! You will be given the steps to follow very quickly.

Good luck.
0
paco
 
Hi
as this topic says, me too...
it's a damn problem, but if you could help me that would do me a world of good, thanks a lot!

here is my HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 17:10:42, on 30/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\apilo32.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\system32\javaek32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\hookdump.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Programmes\Programmes\MyE\MyIE.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\P@cO\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0DF97C19-5FBD-BE15-697B-42AA2347B4A7} - C:\WINDOWS\system32\crke.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [MyIE.exe] E:\Programmes\Programmes\MyE\MyIE.exe
O4 - HKLM\..\Run: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C994899-0154-43A1-850B-E550BCC065E5}: NameServer = 212.27.32.5,213.228.0.168
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apilo32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
0
Anonymous user
 
Hi paco

put HijackThis in a folder that you create for the purpose, because otherwise, if you make a wrong move, it is impossible to roll back.
For now it is in:
C:\DOCUME~1\P@cO\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe

then post a new log

See you
0
paco
 
OK, there you go
I put it in a folder on the desktop and in My Documents.
I downloaded it again to be able to use it because I cannot access my folders (every time I click, a white image and then back to the desktop)

here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 17:28:25, on 30/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\apilo32.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\system32\javaek32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\hookdump.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Programmes\Programmes\MyE\MyIE.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\P@cO\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0DF97C19-5FBD-BE15-697B-42AA2347B4A7} - C:\WINDOWS\system32\crke.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [MyIE.exe] E:\Programmes\Programmes\MyE\MyIE.exe
O4 - HKLM\..\Run: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C994899-0154-43A1-850B-E550BCC065E5}: NameServer = 212.27.32.5,213.228.0.168
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apilo32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
0

Anonymous user
 
Hi

Download these programs and update them (important):

aboutbuster:
http://www.malwarebytes.biz/index.php?page=downloads
To update it:
click "update"
then click "check for update"
If a new version is available, click "downloaded update"

CWShredder:
http://cwshredder.net/bin/CWShredder.exe
http://www.majorgeeks.com/download3019.html

Do not run them for now.

_________________________________

Disconnect from the Internet.

Empty the Internet Explorer cache and delete the cookies:

* Control Panel >> Internet Options >> "General" tab
- Click [Delete Cookies]
- Click [Delete Files] and tick the "Delete all offline content" box

__________________________________

Restart in Safe Mode
Let the BIOS screen pass, then tap the F8 key repeatedly before the Windows loading screen appears.
Choose Safe Mode from the options and confirm with Enter.

Make hidden and system files visible
Control Panel > Folder Options > View tab
Tick "Show hidden files and folders"
Untick "Hide extensions for known file types"
Untick "Hide protected operating system files"
Confirm

___________________________________

In the Start menu > Run, type: Services.msc
look for the service with this exact spelling:
Network Security Service (NSS)
Double-click it and click [Stop], then under:
Startup type --> select Disabled.


After restarting in Safe Mode, the name of the file in the R0 and R1 lines may have changed; in that case, note its new name so that you can delete it after applying the fixes with HijackThis.

Run HijackThis:
tick the boxes at the start of the following lines

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0DF97C19-5FBD-BE15-697B-42AA2347B4A7} - C:\WINDOWS\system32\crke.dll
O4 - HKLM\..\Run: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


confirm with [Fix checked]

____________________________________


Search for and delete:

If you use the Search function:
Make sure that under:
All files and folders >> Advanced options
• Search system folders <- MUST BE TICKED!
• Search hidden files and folders <- MUST BE TICKED!
• Search subfolders <- MUST BE TICKED!

Try to delete the files by browsing to the infected files' paths in Explorer, rather than using the "Search" function

/!\ Pay attention to the spelling and the location of the files, because some files have almost the same name as legitimate files, or even exactly the same name, but in different folders.

If they are present, delete:

C:\r.exe
C:\WINDOWS\screen.html
C:\WINDOWS\qyzqe.dll
C:\WINDOWS\system32\crke.dll
C:\WINDOWS\system32\javaek32.exe
C:\WINDOWS\System32\hookdump.exe
C:\WINDOWS\System32\srpcsrv32.dll
C:\WINDOWS\System32\runsrv32.dll
C:\WINDOWS\System32\txfdb32.dll
C:\WINDOWS\System32\spoolsrv32.exe
C:\WINDOWS\System32\runsrv32.exe
C:\WINDOWS\Web\desktop.html
C:\WINDOWS\apilo32.exe
____________________________________


Next, very important:

:: Delete temporary files ::

Manually:

* C:\Documents and Settings\your account\Local Settings\Temp
* C:\Documents and Settings\all other accounts\Local Settings\Temp
* C:\Temp
* C:\Windows\Temp
empty the entire contents of the folders in bold.

:: The contents of the Prefetch folder ::

* C:\WINDOWS\Prefetch <= except the layout.ini file

Or with CleanUp:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe

* Do not forget to empty the Recycle Bin!

_____________________________________

Once done, run AboutBuster twice

then run CWShredder (click Fix)

_____________________________________

Restart normally and run AboutBuster again

post a new HijackThis log to check progress.

Restart normally, and reset your web settings to default:
Control Panel >> Internet Options >> Programs
click "Reset Web Settings"

and check this:

Start > Control Panel > Display
click the Desktop tab
click Customize Desktop
click the Web tab
delete everything listed here except "My Current Home Page", which must remain UNTICKED
once done, it should look like this image:
http://get.yourfile.net/ie52977.gif

and then run an AV scan here:
http://www.ravantivirus.com/scan/
Click "To continue without subscribing click here"
When "Ready" is shown under "status", click "Scan my PC".
At the end of the scan, copy/paste the report here + a new HijackThis report

After these steps, do not forget to hide the system files again in Folder Options.
For security reasons, leave file extensions visible.

See you
0
paco
 
Thanks
OK, I've done everything you told me
here is the HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 19:11:15, on 30/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\P@cO\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C994899-0154-43A1-850B-E550BCC065E5}: NameServer = 212.27.32.5,213.228.0.168
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe




However, I ran the online antivirus scan and everything is infected (all of Program Files, etc.); the log was too long to copy.
So it's not pretty
0
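Added example, not part of the thread: one way to do the "post a new log to check progress" step mechanically, by parsing two HijackThis logs and comparing them against the fix list. The logs and fix list below are shortened excerpts of the ones posted above; the function names (`parse_log`, `check_fix`) are hypothetical.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in the thread
# (17:28 before the fix, 19:11 after it); most lines are left out.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:28:25, on 30/06/2005

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\apilo32.exe
C:\WINDOWS\system32\javaek32.exe
C:\WINDOWS\System32\hookdump.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0DF97C19-5FBD-BE15-697B-42AA2347B4A7} - C:\WINDOWS\system32\crke.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:11:15, on 30/06/2005

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
"""

# Lines the helper asked to tick (subset matching the excerpt above).
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qyzqe.dll/sp.html#55135",
    r"O2 - BHO: Class - {0DF97C19-5FBD-BE15-697B-42AA2347B4A7} - C:\WINDOWS\system32\crke.dll",
    r"O4 - HKLM\..\Run: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe",
    r"O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe",
]

# A result line is "<section code> - <details>", e.g. "R1 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def norm(line):
    """Comparison key: collapse whitespace and ignore case (Windows paths)."""
    return re.sub(r"\s+", " ", line).strip().lower()


def parse_log(text):
    """Split a HijackThis log into its running processes and result lines."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
        elif line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            entries.append(line)
        elif in_processes:
            processes.append(line)
        # header lines ("Logfile of ...", "Platform: ...") are ignored
    return {"processes": processes, "entries": entries}


def check_fix(before_text, after_text, fix_list):
    """Compare two logs and report how the fix list played out."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_entries = {norm(e) for e in before["entries"]}
    after_entries = {norm(e) for e in after["entries"]}
    after_procs = {norm(p) for p in after["processes"]}
    fix_keys = {norm(l) for l in fix_list}
    removed = [e for e in before["entries"] if norm(e) not in after_entries]
    return {
        # fix-list lines that survived the cleanup
        "still_present": [l for l in fix_list if norm(l) in after_entries],
        # fix-list lines that never matched the first log (typo, renamed file)
        "not_in_before": [l for l in fix_list if norm(l) not in before_entries],
        # entries that vanished although nobody asked to fix them
        "removed_unlisted": [e for e in removed if norm(e) not in fix_keys],
        # entries that are new in the second log
        "added": [e for e in after["entries"] if norm(e) not in before_entries],
        # processes that were running before and no longer are
        "processes_gone": [p for p in before["processes"]
                           if norm(p) not in after_procs],
    }


if __name__ == "__main__":
    for name, lines in check_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{name}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On the excerpt, every fix-list line is gone, the new O16 entry comes from the online scanner, and the NeroCheck Run entry has disappeared without being on the fix list, which is the kind of difference worth raising with the helper.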
Anonymous user > paco
 
Hi

can you post part of the RAV report please?

See you
0
paco
 
Scan started at 30/06/2005 21:15:26

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Adobe\Illustrator 7.0.1\Illustrator.exe - Win32/HLLP.Jeefo -> Infected
C:\articque\cdbase\c_et_d.exe - Win32/HLLP.Jeefo -> Infected
C:\articque\cdnum\Cdnum.exe - Win32/HLLP.Jeefo -> Infected
C:\ATI\SUPPORT\wxp-w2k-catalyst-8-02-040515a-015958c\issetup.exe - Win32/HLLP.Jeefo -> Infected
C:\ATI\SUPPORT\wxp-w2k-catalyst-8-02-040515a-015958c\CPanel\Setup.exe - Win32/HLLP.Jeefo -> Infected
C:\ATI\SUPPORT\wxp-w2k-catalyst-8-02-040515a-015958c\Driver\Setup.exe - Win32/HLLP.Jeefo -> Infected
C:\ATI\SUPPORT\wxp-w2k-catalyst-8-02-040515a-015958c\WDM\setup.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\Administrateur\Bureau\SteamInstall.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\Administrateur\Local Settings\Temp\CDASilentInstall0500.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Bureau\ad aware.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Bureau\HijackThis.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Bureau\KillBox.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Bureau\spybotsd14.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Bureau\hijackthis\HijackThis.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Bureau\Hoster\Hoster.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Mes documents\hijackthis\HijackThis.exe - Win32/HLLP.Jeefo -> Infected
C:\Documents and Settings\P@cO\Mes documents\IUP\EV2\anglais\Folding@Home503.EXE - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\setup.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\AudioDrv\nvuaudio.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\AudioDrv\nvumpu.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\Ethernet\NRM\setup.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\Ethernet\NRM\Win2K\nvunrm.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\Ethernet\NRM\WinXP\nvunrm.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\Ethernet\Win2K\nvuenet.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\Ethernet\WinXP\nvuenet.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\GART\nvugart.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\IDE\Win2K\NvRaidMan.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\IDE\Win2K\nvuide.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\IDE\WinXP\NvRaidMan.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\IDE\WinXP\nvuide.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\MemCtl\nvumctl.exe - Win32/HLLP.Jeefo -> Infected
C:\NVIDIA\nForceWin2KXP\4.24\SMBus\nvusmb.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Ahead\CoverDesigner\CoverDes.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Ahead\Nero ToolKit\CDSpeed.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Ahead\Nero ToolKit\DriveSpeed.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Ahead\Nero ToolKit\InfoTool.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ArcSoft\Camera Suite\PhotoImpression\PhotoImpression.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ArcSoft\Camera Suite\VideoImpression\ArcRegister.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ArcSoft\Camera Suite\VideoImpression\vi20.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ArcSoft\Camera Suite\Web Registration\ArcRegister.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ArcSoft\ShowBiz\ArcRegister.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ArcSoft\ShowBiz\CheckUpdate.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ArcSoft\ShowBiz\ShowBiz.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\CameraWindow\CameraLauncher.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\CameraWindow\CamMenuLaunch.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\CameraWindow\MCDU.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\CSCLIB\CDPROC.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\CSCLIB\CDPROCMN.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\PhotoRecord\Help\Glorious_Tutorial.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\PhotoRecord\Help\Tutorial.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\PhotoRecord\OpPrintCom\OpPrintServer.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\PhotoStitch\360view.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\PhotoStitch\Launcher.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\PhotoStitch\stitch.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\PhotoStitch\Viewer.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\RAW Image Task\RAWImage.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\RemoteCapture Task\RCTask.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\ZoomBrowser EX\Program\dbconverter.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbScreenSaver.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\MAPINFOW.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\AddUser\setup.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\Seagate Crystal Reports\CCCHART.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\Seagate Crystal Reports\CRW32.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\Seagate Crystal Reports\CRWCHK32.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\Seagate Crystal Reports\DEXPERT.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\Seagate Crystal Reports\DSX32.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\Seagate Crystal Reports\RPTGLANC.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\Seagate Crystal Reports\BDE32\BDECFG32.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\TOOLS\EasyLoader.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\carto\UT\IMUTGUI.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\CCleaner\ccleaner.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\eMule\LinkCreator.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\InstallShield\Driver\7\Intel 32\IDriver.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver2.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\IKernel.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\knlwrap.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\Microsoft Shared\Office10\DW.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\Microsoft Shared\web server extensions\50\bin\CFGWIZ.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\System\Mapi\1033\CNFNOT32.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\Fichiers communs\System\Mapi\1033\SCANPST.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\FlashFXP\FlashFXP.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\FlashFXP\UNWISE.EXE - Win32/HLLP.Jeefo -> Infected
C:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\Setup.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\Setup.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\InstallShield Installation Information\{22264E8C-A5BF-4BEE-BB09-EFBC8AB1231C}\Setup.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\Setup.exe - Win32/HLLP.Jeefo -> Infected
C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\Setup.exe - Win32/HLLP.Jeefo -> Infected
0
Anonymous user > paco
 
Wow!

It looks like all your programs are infected:
delete C:\WINDOWS\svchost.exe <- careful, don't confuse it with the one in C:\WINDOWS\system32

Restart the PC and run a scan at RAV with autoclean checked.

See you
0
balltrap34 Posts 16241 Status Security contributor 332 > Anonymous user
 
Hi paco, use this fix for Jeefo:
http://www.sophos.fr/support/cleaners/jeefogui.com
Save it and run it.
0