[Virus] Infected by Win32/Hidrag.A

Solved/Closed
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007 - 11 March 2006 at 21:34
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 - 26 Nov. 2006 at 23:23
Hello!

I have a problem with the Hidrag worm... Actually, I have a portable hard drive that I took to a friend's place and plugged into his PC, which, as it turned out, was infected by Hidrag. As a result the worm spread to my portable hard drive, but then, when I plugged it back into my PC, the worm stayed on the portable hard drive; it did not get onto my PC... (I hope that's not too badly explained).
So in fact, the .exe files are infested, but the "base" file is not there...
I have read various help messages, on this forum and on others, but the problem persists...
So I would like to know whether there is a solution to this problem other than formatting...?

Thanks in advance.

35 replies

Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
11 March 2006 at 22:45
Hi,

download HijackThis here:
http://www.hijackthis.de/downloads/hijackthis_199.zip

Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure to save it in C:!
Demo (thanks to Balltrap):
HijackThis installation
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Launch it, then:
click on "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum

Demo: (thanks to balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
12 March 2006 at 12:56
Hello!

Sorry, I was away last night. But here is the HijackThis scan I just did.

Logfile of HijackThis v1.99.1
Scan saved at 12:55:55, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All Users\Application Data\StoreReadmeStylePlan\Tool store.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
12 March 2006 at 14:17
Could someone give me a little help with the HijackThis log?
I admit I don't really know what to do...
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
12 March 2006 at 16:16
Scan your PC with these programs and remove everything they find:

(Update them before running them.)

1/ Ad-Aware (free):
Download:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
The French patch for Ad-Aware (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
2/ Spybot (free):
see the usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
Download:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
3/ a-squared free (free)
Download:
http://www.emsisoft.net/fr/software/download/
4/ ewido (download)
Download:
http://www.ewido.net/fr/download/
5/ cleanup40 (cleaner for cookies + temp + temporary files + prefetch + history + etc.) (free)
Demo:
http://pageperso.aol.fr/balltrap34/democleanup.htm
Download:
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
6/ ccleaner (free)
Tutorial here:
http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
Download: http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

And post a new HijackThis log; I'll come back this evening or maybe earlier.
You know, it's Sunday and it's not easy to find time...

See you later


0

Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
12 March 2006 at 16:20
That's true, sorry for being so impatient.
But thanks a lot in any case ;)
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
12 March 2006 at 18:43
Hi again,

Did you scan with the programs I gave you?
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
12 March 2006 at 19:24
I'm doing it right now.
I'll get back to you as soon as it's finished.
Thanks ;)
See you soon!
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
12 March 2006 at 21:59
Good evening!
Here is the HijackThis log!

Logfile of HijackThis v1.99.1
Scan saved at 21:52:42, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref(
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
12 March 2006 at 22:04
Your log is not complete...

If you installed MSN+, you can already uninstall it and reinstall it without accepting the sponsors...
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
12 March 2006 at 22:20
Like this:

http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg

Post a HijackThis log again, please.

Otherwise we'll look at it tomorrow...
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
13 March 2006 at 02:01
I had to go out this evening, which is why I'm back a bit late.
I did not install MSN+...
I ran another scan with HijackThis.


Logfile of HijackThis v1.99.1
Scan saved at 02:00:37, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All Users\Application Data\StoreReadmeStylePlan\Tool store.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
0
Anonymous user
13 March 2006 at 02:26
Hi,

Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom

O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All Users\Application Data\StoreReadmeStylePlan\Tool store.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe


Uninstall AVG, because there should be only one antivirus on a PC, otherwise it creates conflicts.

Run this online antivirus scan and paste the report here once it has finished, please

http://www.bitdefender.com/scan8/ie.html

Then, at the same time, paste a new HijackThis report

See you

0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
13 March 2006 at 18:53
Hello,

I ran a scan with BitDefender... but unfortunately (after 6 hours, because my computer was glitching a bit), my computer crashed when only a few minutes remained. Nevertheless, BitDefender deleted all the "bad" files it found.
I'm posting a HijackThis report while waiting to redo a scan with BitDefender.


Logfile of HijackThis v1.99.1
Scan saved at 18:54:34, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
0
Anonymous user
13 March 2006 at 19:22
Hi,

OK, no big deal for now.

Restart HijackThis, choose "do a scan only", tick the box in front of the lines below, and click "fix checked" at the bottom.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -


Do this:

¤ Download and install this. In the left-hand column click "errors", tick all the boxes, then click "search for errors" at the bottom. Once it has finished, click "repair errors"; you will get a message asking to back up your registry, say "yes", then repeat until it finds no more errors.

CCleaner:
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

¤ Restart CCleaner, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "start cleaning".


If you still have Ewido, run a scan with it, then paste the report here, please.

(Ewido:
http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html)

Then paste the Ewido report here along with a new HijackThis report ;-) (remember to restart first)

See you!
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
13 March 2006 at 22:30
Hi again,
Here is the Ewido report (after restarting):


---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 22:28:11, 13/03/2006
+ Somme de contrôle: 734A085C

+ Résultats du scan:

C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\Program Files\WildTangent\Components\SystemConfig0100.dll -> Spyware.WinAD : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\cd_htm.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdedata2.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdefdi.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\chktrust.exe -> Spyware.BargainBuddy : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdeload.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\BDESac10.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\BDESac24.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdeinsta25.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\Cache\bdedetect1.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\bdeviewer.exe -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\b3dsetup.exe -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\bdedetect1.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\download manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\download manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\Common Files\updater\delupdat.exe -> Downloader.Keenal : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\download manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\download manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\download manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\download manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Documents and Settings\VICTOR\Local Settings\Temp\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Documents and Settings\VICTOR\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1107007840.ssb/C:\Program Files\Bargain Buddy\bbchk.exe -> Spyware.BargainBuddy : Nettoyer et sauvegarder
C:\Program Files\PestPatrol\Quarantine\20060308222603.zip/Program Files/NavExcel/NavHelper/v2.0.4c/NHUpdater.exe -> Spyware.NavExcel : Nettoyer et sauvegarder
C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.k : Nettoyer et sauvegarder
G:\Programmes\Abandonware\Super Nes\ActRaiser (F).SRM -> Dropper.Small.u : Nettoyer et sauvegarder


::Fin du rapport


Do I need to restart before posting the HijackThis report?
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
13 March 2006 at 22:38
I'm posting a HijackThis report anyway, without having restarted, just in case...:


Logfile of HijackThis v1.99.1
Scan saved at 22:39:19, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
0
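One way to check a follow-up HijackThis log against the lines that were ticked for "fix checked", as in the exchange above. This is an added example, not part of the original thread; the function names are hypothetical, and the sample data are short excerpts of the fix list and the 22:39 log posted in this thread.

```python
import re

# Every HijackThis finding starts with a section tag such as "R1", "O4" or "O16".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (section, body) findings in a HijackThis log.

    The header and the "Running processes" list have no section tag and are
    skipped. Runs of whitespace are collapsed so that a log re-pasted through
    a forum still compares equal.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            body = " ".join(match.group("body").split())
            entries.add((match.group("section"), body))
    return entries


def check_fix(fix_list, after_log):
    """Compare the lines ticked for "fix checked" with a follow-up log.

    Returns (removed, still_present), both sorted lists of (section, body).
    """
    wanted = parse_entries(fix_list)
    after = parse_entries(after_log)
    return sorted(wanted - after), sorted(wanted & after)


def diff_logs(before_log, after_log):
    """Return (gone, new): findings only in the first log, only in the second."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return sorted(before - after), sorted(after - before)


# Excerpt of the lines the helper asked to fix (13 March 2006, 19:22).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O16 - DPF: teleir_cert -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
"""

# Excerpt of the follow-up log saved at 22:39:19 on 13/03/2006.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O20 - AppInit_DLLs: ,
"""

if __name__ == "__main__":
    removed, still_present = check_fix(FIX_LIST, AFTER_LOG)
    for section, body in still_present:
        print(f"STILL PRESENT: {section} - {body}")
    total = len(removed) + len(still_present)
    print(f"{len(removed)} of {total} checked entries are gone")
```

On these excerpts the `Sixth 1` Run entry is reported as still present in the 22:39 log, while the R1 and O16 entries are gone.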
Anonymous user
13 March 2006 at 22:42
Run this online antivirus scan and paste the report here once it has finished, please.

http://www.bitdefender.com/scan8/ie.html
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
14 March 2006 at 12:55
Hello!
Here I am again with the BitDefender report:


BitDefender Online Scanner

Scan report generated at: Tue, Mar 14, 2006 - 05:10:40

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;

Statistics
Time: 05:42:30
Files: 950883
Folders: 10687
Boot Sectors: 9
Archives: 7673
Packed Files: 46108

Results
Identified Viruses: 7
Infected Files: 53
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 53

Engines Info
Virus Definitions: 313388
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Tell me if I need to paste the full report (because it's huge).
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
14 March 2006 at 13:08
Actually I've posted the full report, thinking that it's the sensible thing to do after all. It's certainly a bit big, but it's better.

Scanned File
Status

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Infected with: Win32.Netsky.D@mm

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Disinfection failed

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Deleted

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)
Updated

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)
Updated

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Infected with: I-Worm.Hybris.G

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Disinfection failed

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Deleted

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)
Updated

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)
Updated

C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Deleted

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Infected with: Win32.Jeefo.A.dam

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Disinfection failed

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Deleted

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Detected with: Adware.Navexcel.A

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Disinfection failed

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Deleted

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Detected with: Adware.Navexcel.A

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Disinfection failed

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Deleted

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Detected with: Adware.Navexcel.A

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Disinfection failed

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Deleted

G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed

G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Infected with: Trojan.Downloader.Small.APC

G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Disinfection failed

G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Deleted

G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
Update failed

G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
Detected with: Application.Adware.NewDotNet.Dropper

G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
Deleted

G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
Update failed

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Detected with: Adware.Navexcel.A

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Disinfection failed

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Deleted

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Detected with: Adware.Navexcel.A

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Disinfection failed

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Deleted

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Detected with: Adware.Navexcel.A

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Disinfection failed

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Deleted

G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed

G:\Programmes\WarezP2P (first version downloaded).exe=>(NSIS o)=>lzma_nsis0006
Detected with: Application.Adware.NewDotNet.Dropper

G:\Programmes\WarezP2P (first version downloaded).exe=>(NSIS o)=>lzma_nsis0006
Deleted

G:\Programmes\WarezP2P (first version downloaded).exe=>(NSIS o)
Update failed

G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
Detected with: Application.Adware.NewDotNet.Dropper

G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
Deleted

G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)
Update failed

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Infected with: Trojan.XEmu.A

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Disinfection failed

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Deleted

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)
Updated

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
Update failed

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Infected with: Trojan.XEmu.A

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Disinfection failed

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Deleted

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
Updated

J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
Updated
0
Anonymous user
14 March 2006 at 18:04
Hi,

it's filthy, isn't it?!

Empty your antivirus's quarantine if there is still anything left in it.

Then do this:

¤Download and install this. In the left-hand column click "erreurs" (Errors), tick all the boxes, then click "chercher des erreurs" (Search for errors) at the bottom. Once it has finished, click "reparer les erreurs" (Repair errors); you will get a message asking to back up your registry, and you answer "oui" (Yes). Then repeat until it no longer finds any errors.

CCleaner:
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

¤Run CCleaner again, go to the "nettoyeur" (Cleaner) tab on the left, untick the last box ("Avancé" (Advanced), if it is ticked), then click "lancer le nettoyage" (Run the cleaner).


Then I strongly advise you to run a new scan with BitDefender ;-)

PS: sort through the files you downloaded from eMule, because you have picked up some nasty junk.

See you ;-)
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429 > Anonymous user
14 March 2006 at 18:11
Hi Boule,

Why the change of username?
0
Anonymous user > Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023
14 March 2006 at 18:15
Hi Seb,

(lol) well, I received the site's newsletter! Since it is no use to me, I tried to unsubscribe using the link, and when I tried to come back it no longer accepted my username or my password... that's why the change :-(
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429 > Anonymous user
14 March 2006 at 18:19
OK

;D
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
14 March 2006 at 23:06
Sorry, I had to be away for the rest of the day, but I'm getting to work right away!!!
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
14 March 2006 at 23:17
Hi again,
I'd like to know whether there is an alternative to BitDefender, because the temp files it creates during the scan are far too large, so I run out of space on the hard drive where Windows is installed. That makes the computer glitch, and I have to do a whole lot of fiddling to delete files so that the scan can do its job...
0
Anonymous user
15 March 2006 at 03:47
Hi,

No, at least I don't think so; Panda is worse :-/ try this one

http://www.secuser.com/outils/antivirus.htm
0
Ketmo Posts 77 Registration date Tuesday 24 January 2006 Status Member Last activity 17 May 2007
15 March 2006 at 14:31
Hi!

I ran a scan with Secuser, and it found nothing!!!
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
15 March 2006 at 18:43
Hey

Where are you at with your problems?
0