[Virus] Infected by Win32/Hidrag.A

Solved
Ketmo - Posts: 77 - Status: Member
Hello!

I have a problem with the Hidrag worm... Basically, I have a portable hard drive that I took to a friend's place and plugged into his PC, which turned out to be infected with Hidrag. As a result the worm spread to my portable hard drive, but then, when I plugged it back into my PC, the worm stayed on the portable hard drive; it did not get onto my PC... (I hope that's not too badly explained).
So in fact the .exe files are infected, but the "base" file isn't there...
I have read various help posts, on this forum and on others, but the problem persists...
So I would like to know whether there is a solution to this problem other than formatting...?

Thanks in advance.
Configuration: - ASUSTek Computer INC. P4B533 - Intel Pentium 4 CPU 2.42GHz - Maxtor 9.5GB(int.), SAMSUNG 29GB(int.), Maxtor 250GB(ext.) - 512MB DDR-SDRAM - NVIDIA GeForce4 MX 440SE AGP8X - Win. XP Pro SP2

35 replies

Discussion summary

Problem encountered: a Hidrag virus was reportedly spread from an infected PC to a portable hard drive, leaving the .exe files infected and the base file apparently absent, with a solution sought that avoids formatting.

Key elements of the replies mention using several antivirus tools and utilities (Kaspersky, HijackThis, Ad-Aware, Spybot, CCleaner) and consulting the logs to identify malicious items.

Several exchanges recommend re-running scans and analysing the reports to spot suspicious entries and entries that start automatically, in order to clean up without reinstalling the system.

In case of persistent infection, some suggest offline tests and examining the file systems to spot residual traces, malicious registry keys and invisible processes.

Generated automatically by AI
based on the best answers
  1. Séb08 - Posts: 18169 - Status: Contributor - 1 430
     
    Hi,

    download HijackThis here:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Unzip it into a folder set aside for it.
    For example C:\hijackthis < Make sure you save it on C: !
    Demo (thanks to Balltrap):
    HijackThis installation
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Run it, then:
    click "do a system scan and save logfile" (see demo)
    copy and paste the entire log to the forum

    Demo: (thanks to balltrap34 for making this)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Good luck
    0
  2. Ketmo - Posts: 77 - Status: Member
     
    Hello!

    Sorry, I was away last night. But here is the HijackThis scan I have just run.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:55:55, on 12/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
    O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
    O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
    O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
    O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All Users\Application Data\StoreReadmeStylePlan\Tool store.exe
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
    O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: teleir_cert -
    O16 - DPF: Yahoo! Euchre -
    O16 - DPF: Yahoo! MahJong Solitaire -
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    0
  3. Ketmo - Posts: 77 - Status: Member
     
    Could someone give me a hand with the HijackThis log?
    I admit I don't really know what to do...
    0
  4. Séb08 - Posts: 18169 - Status: Contributor - 1 430
     
    Scan your PC with these programs and remove everything they find:

    (Update them before running them.)

    1/ Ad-Aware (free):
    Download:
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
    The French patch for Ad-Aware (free):
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
    2/ Spybot (free):
    see the usage demo
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    Download:
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
    3/ a-squared free (free)
    Download:
    http://www.emsisoft.net/fr/software/download/
    4/ ewido (download)
    Download:
    http://www.ewido.net/fr/download/
    5/ cleanup40 (cleaner for cookies+temp+temporary files+prefetch+history+etc.) (free)
    Demo:
    http://pageperso.aol.fr/balltrap34/democleanup.htm
    Download:
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
    6/ ccleaner (free)
    Tutorial here:
    http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
    Download: http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    And post a new HijackThis log; I'll come back this evening or maybe earlier.
    You know, it's Sunday and it's not easy to find the time...

    See you

    0
  6. Ketmo - Posts: 77 - Status: Member
     
    That's true, sorry for being so impatient.
    But thank you very much in any case ;)
    0
  7. Séb08 - Posts: 18169 - Status: Contributor - 1 430
     
    Hi again,

    Did you scan with the programs I gave you?
    0
  8. Ketmo - Posts: 77 - Status: Member
     
    I'm doing it right now.
    I'll get back to you as soon as it's finished.
    Thanks ;)
    See you soon!
    0
  9. Ketmo - Posts: 77 - Status: Member
     
    Good evening!
    Here is the HijackThis log!

    Logfile of HijackThis v1.99.1
    Scan saved at 21:52:42, on 12/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref(
    0
  10. Séb08 - Posts: 18169 - Status: Contributor - 1 430
     
    Your log is not complete...

    If you installed MSN+ you can already uninstall it and reinstall it without accepting the sponsors...
    0
  11. Ketmo - Posts: 77 - Status: Member
     
    I had to go out this evening, that's why I'm back a bit late.
    I haven't installed MSN+...
    I ran another scan with HijackThis.

    Logfile of HijackThis v1.99.1
    Scan saved at 02:00:37, on 13/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
    O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
    O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
    O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
    O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All Users\Application Data\StoreReadmeStylePlan\Tool store.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
    O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: teleir_cert -
    O16 - DPF: Yahoo! Euchre -
    O16 - DPF: Yahoo! MahJong Solitaire -
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: ,
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    0
    1. boulepate
       
      Hi,

      Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom

      O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
      O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
      O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
      O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
      O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
      O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
      O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All Users\Application Data\StoreReadmeStylePlan\Tool store.exe
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
      O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe


      Uninstall AVG, because there must be only one antivirus on a PC; otherwise it creates conflicts.

      Run this online antivirus scan and paste the report here once it has finished, please:

      http://www.bitdefender.com/scan8/ie.html

      Then, at the same time, paste a new HijackThis report.

      See you

  12. Ketmo Posts: 77 Status: Member
     
    Hello,

    I ran a scan with BitDefender... but unfortunately (after 6 hours, because my computer glitched a bit), my computer crashed when only a few minutes remained. Nevertheless, BitDefender deleted all the "bad" files it found.
    I'm posting a HijackThis report while waiting to redo a scan with BitDefender.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:54:34, on 13/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
    O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: teleir_cert -
    O16 - DPF: Yahoo! Euchre -
    O16 - DPF: Yahoo! MahJong Solitaire -
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: ,
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    1. boulepate
       
      Hi,

      OK, no big deal for now..

      Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
      O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
      O16 - DPF: teleir_cert -
      O16 - DPF: Yahoo! Euchre -
      O16 - DPF: Yahoo! MahJong Solitaire -
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
      O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
      O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -


      Do this:

      ¤ Download and install this; in the left column click "erreurs" (errors), tick all the boxes, then click "chercher des erreurs" (search for errors) at the bottom; once it has finished, click "reparer les erreurs" (repair the errors) and you will get a message asking to back up your registry, answer "oui" (yes), then repeat until it finds no more errors.

      CCleaner:
      http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

      ¤ Run CCleaner again, go to the "nettoyeur" (cleaner) tab on the left, untick the last box (Avancé, if it is ticked), then click "lancer le nettoyage" (run the cleaning).


      If you still have Ewido, run a scan with it and then paste the report here, please.

      (Ewido:
      http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html)

      Then paste the Ewido report here along with a new HijackThis report ;-) (remember to restart first)

      See you
  13. Ketmo Posts: 77 Status: Member
     
    Hi again,
    Here is the Ewido report (after restarting):

    ---------------------------------------------------------
    ewido anti-malware - Rapport de scan
    ---------------------------------------------------------

    + Créé le: 22:28:11, 13/03/2006
    + Somme de contrôle: 734A085C

    + Résultats du scan:

    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\Program Files\WildTangent\Components\SystemConfig0100.dll -> Spyware.WinAD : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\cd_htm.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdedata2.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdefdi.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\chktrust.exe -> Spyware.BargainBuddy : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdeload.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\BDESac10.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\BDESac24.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdeinsta25.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\Cache\bdedetect1.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\bdeviewer.exe -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\b3dsetup.exe -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\bdedetect1.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\download manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\download manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\Common Files\updater\delupdat.exe -> Downloader.Keenal : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\download manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\download manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\download manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\download manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Documents and Settings\VICTOR\Local Settings\Temp\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Documents and Settings\VICTOR\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
    C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1107007840.ssb/C:\Program Files\Bargain Buddy\bbchk.exe -> Spyware.BargainBuddy : Nettoyer et sauvegarder
    C:\Program Files\PestPatrol\Quarantine\20060308222603.zip/Program Files/NavExcel/NavHelper/v2.0.4c/NHUpdater.exe -> Spyware.NavExcel : Nettoyer et sauvegarder
    C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.k : Nettoyer et sauvegarder
    G:\Programmes\Abandonware\Super Nes\ActRaiser (F).SRM -> Dropper.Small.u : Nettoyer et sauvegarder

    ::Fin du rapport

    Do I need to restart before posting the HijackThis report?
  14. Ketmo Posts: 77 Status: Member
     
    I'm posting a HijackThis report anyway, without having restarted, just in case...:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:39:19, on 13/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
    O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: ,
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  15. Ketmo Posts: 77 Status: Member
     
    Hello!
    Here I am again with the BitDefender report:

    BitDefender Online Scanner

    Scan report generated at: Tue, Mar 14, 2006 - 05:10:40

    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;

    Statistics

    Time: 05:42:30
    Files: 950883
    Folders: 10687
    Boot Sectors: 9
    Archives: 7673
    Packed Files: 46108

    Results

    Identified Viruses: 7
    Infected Files: 53
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 53

    Engines Info

    Virus Definitions: 313388
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings

    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Tell me if I need to paste the full report (because it's huge).
  16. Ketmo Posts: 77 Status: Member
     
    In fact I've posted the full report, thinking it is still worthwhile. Sure, it's a bit big, but it's better.

    Scanned File
    Status

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
    Infected with: Win32.Netsky.D@mm

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
    Disinfection failed

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
    Deleted

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)
    Updated

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)
    Updated

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
    Update failed

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
    Infected with: I-Worm.Hybris.G

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
    Disinfection failed

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
    Deleted

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)
    Updated

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)
    Updated

    C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
    Update failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
    Deleted

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
    Infected with: Win32.Jeefo.A.dam

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
    Disinfection failed

    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
    Deleted

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
    Detected with: Adware.Navexcel.A

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
    Disinfection failed

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
    Deleted

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
    Update failed

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
    Detected with: Adware.Navexcel.A

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
    Disinfection failed

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
    Deleted

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
    Update failed

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
    Detected with: Adware.Navexcel.A

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
    Disinfection failed

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
    Deleted

    G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
    Update failed

    G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
    Infected with: Trojan.Downloader.Small.APC

    G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
    Disinfection failed

    G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
    Deleted

    G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
    Update failed

    G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
    Detected with: Application.Adware.NewDotNet.Dropper

    G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
    Deleted

    G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
    Update failed

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
    Detected with: Adware.Navexcel.A

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
    Disinfection failed

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
    Deleted

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
    Update failed

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
    Detected with: Adware.Navexcel.A

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
    Disinfection failed

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
    Deleted

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
    Update failed

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
    Detected with: Adware.Navexcel.A

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
    Disinfection failed

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
    Deleted

    G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
    Update failed

    G:\Programmes\WarezP2P (first version downloaded).exe=>(NSIS o)=>lzma_nsis0006
    Detected with: Application.Adware.NewDotNet.Dropper

    G:\Programmes\WarezP2P (first version downloaded).exe=>(NSIS o)=>lzma_nsis0006
    Deleted

    G:\Programmes\WarezP2P (first version downloaded).exe=>(NSIS o)
    Update failed

    G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
    Detected with: Application.Adware.NewDotNet.Dropper

    G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
    Deleted

    G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)
    Update failed

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
    Infected with: Trojan.XEmu.A

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
    Disinfection failed

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
    Deleted

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)
    Updated

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
    Update failed

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
    Infected with: Trojan.XEmu.A

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
    Disinfection failed

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
    Deleted

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
    Updated

    J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
    Updated
    0
    1. Anonymous user
       
      Hi,

      It's dirty, isn't it?!

      Empty your antivirus's quarantine if there is still anything left in it.

      Then do this:

      ¤ Download and install this. In the left-hand column click "errors" and tick all the boxes, then click "search for errors" at the bottom. Once it has finished, click "repair the errors"; you will get a message asking to back up your registry, answer "yes", then start again until it finds no more errors.

      CCleaner:
      http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

      ¤ Run CCleaner again, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "run the cleaning".


      Then I strongly advise you to run a new scan with Bitdefender ;-)

      PS: sort through the files you downloaded with eMule, because you picked up some junk.

      See you ;-)
      0
      1. Séb08 Posts 18169 Registration date   Status Contributor Last activity   1 430 > Anonymous user
         
        Hi Boule,

        Why the change of username?
        0
      2. Anonymous user > Séb08 Posts 18169 Registration date   Status Contributor Last activity  
         
        Hi Seb,

        (lol) well, I received the site's newsletter! Since it was of no use to me, I tried to unsubscribe using the link, and when I wanted to come back it no longer accepted my username or my password... that's why the change :-(
        0
      3. Séb08 Posts 18169 Registration date   Status Contributor Last activity   1 430 > Anonymous user
         
        OK

        ;D
        0
  17. Ketmo Posts 77 Status Member
     
    Sorry, I had to be away for the whole end of the day, but I'm getting to work right away!!!
    0
  18. Ketmo Posts 77 Status Member
     
    Hi again,
    I'd like to know whether there is an alternative to BitDefender, because the Temp files it creates during the scan are far too large, so I run out of space on the hard drive where Windows is installed, which makes the computer act up, and I have to go through a whole series of steps to delete files so that the scan can do its job...
    0
  19. Ketmo Posts 77 Status Member
     
    Hi!

    I ran a scan with Secuser, and it found nothing!!!
    0
  20. Séb08 Posts 18169 Registration date   Status Contributor Last activity   1 430
     
    'lo

    Where do things stand with your problems?
    0