[virus] highjackthis
Martiniquais
So, I'm having trouble with two viruses and, I think, several programs; on top of that I can't play streaming video. If someone could help me out of the mess I've gotten myself into, lol. Thanks to everyone who can help me! Here are my BitDefender and HijackThis reports.
Options d'analyse
Détection
[X] Analyser le secteur de boot
[X] Analyser les archives
[X] Analyser les fichiers en paquets
[X] Analyser la messagerie
Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;
Action
Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Copier
[ ] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action
Seconde action
[ ] Ignorer
[ ] Effacer
[ ] Copier
[X] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action
Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal : I:\Program Files\Softwin\BitDefender9\Logs\vscan_1157457341.log
Options d'analyse Spyware
[X] Processus mémoire
[X] Clés de registres
[X] Cookies
Sommaire :
I:\Documents and Settings\MAXIME\Menu Démarrer\Programmes\eChanblard\Patcher WinXP SP2.lnk=>K:\Logiciels\eChanblard\EvID4226Patch.exe Infecté avec: Backdoor.Virkel.A
I:\Documents and Settings\MAXIME\Menu Démarrer\Programmes\eChanblard\Patcher WinXP SP2.lnk=>K:\Logiciels\eChanblard\EvID4226Patch.exe Désinfection impossible
I:\Documents and Settings\MAXIME\Menu Démarrer\Programmes\eChanblard\Patcher WinXP SP2.lnk=>K:\Logiciels\eChanblard\EvID4226Patch.exe Déplacement impossible
Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 21:14:30, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\Program Files\Conversions Plus\FORMATM.EXE
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Spyware Doctor\sdhelp.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
I:\Program Files\Softwin\BitDefender9\vsserv.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\WINDOWS\VM_STI.EXE
I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
I:\Program Files\Winamp\winampa.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\system32\ctfmon.exe
I:\program files\valve\steam\steam.exe
I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
I:\Program Files\Spyware Doctor\swdoctor.exe
I:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
I:\Program Files\Philips\SPC 200NC PC Camera\TrayMin.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Windows Media Player\wmplayer.exe
I:\PROGRA~1\MOZILL~1\FIREFOX.EXE
I:\WINDOWS\notepad.exe
I:\Documents and Settings\MAXIME\Bureau\Général\Applications\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - I:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] I:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDNewsAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [a-squared] "I:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "i:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "I:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAID Manager.lnk = ?
O4 - Global Startup: TrayMin.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MacFormatService - Unknown owner - I:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - I:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - I:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Thanks for any help you can give me
13 replies
Hi,
delete these files:
K:\Logiciels\eChanblard\EvID4226Patch.exe
Download, install and then update this software (Ewido); once that's done, run a full scan of your system and paste the report here along with a new HijackThis report
Ewido: (stays free after the trial period)
Download Ewido Security Suite
ok, I'll do it and come back, but I can't manage to delete the file you're talking about, it tells me it's impossible to read ...... anyway, I'll be back, and thanks for your help, see you in a bit
you need to delete it in safe mode then, if it puts up a fight
If a file resists deletion, do this:
- Restart your PC; as soon as it powers on, tap the F8 key repeatedly; on the screen that appears choose "Safe Mode" and wait a bit.. then go and delete the files/folders that resisted, empty your Recycle Bin and restart normally
hi martiniquais,
Avoid posting several messages under different usernames...
Thanks
By the way, hi Boule! ;-)
https://www.cjoint.com/?jgklvu5lfQ
I'm more the type:
http://www.ktm.info/img/SebastianKrywult1.jpg
See you ;-))
so here is the result after the file was deleted
Logfile of HijackThis v1.99.1
Scan saved at 01:12:14, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\ewido anti-spyware 4.0\guard.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\Program Files\Conversions Plus\FORMATM.EXE
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Spyware Doctor\sdhelp.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
I:\Program Files\Softwin\BitDefender9\vsserv.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\WINDOWS\VM_STI.EXE
I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
I:\Program Files\Winamp\winampa.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\a-squared Anti-Malware\a2guard.exe
I:\Program Files\ewido anti-spyware 4.0\ewido.exe
I:\WINDOWS\system32\ctfmon.exe
I:\program files\valve\steam\steam.exe
I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
I:\Program Files\Spyware Doctor\swdoctor.exe
I:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
I:\Program Files\Philips\SPC 200NC PC Camera\TrayMin.exe
I:\PROGRA~1\MOZILL~1\FIREFOX.EXE
I:\Documents and Settings\MAXIME\Bureau\Général\Applications\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - I:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] I:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDNewsAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [a-squared] "I:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "i:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "I:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAID Manager.lnk = ?
O4 - Global Startup: TrayMin.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MacFormatService - Unknown owner - I:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - I:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - I:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
and ewido
-------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 00:38:05 06/09/2006
+ Scan result:
HKU\S-1-5-21-682003330-1078081533-2147153767-1004\Software\Prodiff\rmxnavigator\shopping\\sh163 -> Adware.Locators : No action taken.
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : No action taken.
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : No action taken.
HKLM\SOFTWARE\WhenUSave\Partners\OSST -> Adware.SaveNow : No action taken.
I:\Program Files\Save -> Adware.SaveNow : No action taken.
I:\Program Files\Save\ACM.dll -> Adware.SaveNow : No action taken.
I:\Program Files\Save\Save.exe -> Adware.SaveNow : No action taken.
I:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : No action taken.
I:\Program Files\Save\ffext.mod -> Adware.SaveNow : No action taken.
I:\Program Files\Save\save.htm -> Adware.SaveNow : No action taken.
:mozilla.10:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.11:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.12:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.13:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.14:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.8:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.9:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.82:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.83:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
I:\Documents and Settings\MAXIME\Cookies\maxime@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.30:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.19:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.20:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.21:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.22:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.61:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.31:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.32:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.33:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.34:I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
I:\Documents and Settings\MAXIME\Cookies\maxime@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
::Report end
So, what does that show? Thanks
We're going to do a bit of cleanup; nothing will be deleted unless indicated.
---
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - I:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] I:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "I:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "I:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAID Manager.lnk = ?
O4 - Global Startup: TrayMin.lnk = ?
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - I:\Program Files\Spyware Doctor\sdhelp.exe
Click Start, Run, type: services.msc, find these entries in the list and set them to "Disabled".
PC Tools Spyware Doctor
France Telecom Routing Table Service <unnecessary, no worries
Restart in safe mode and uninstall this program:
Spyware Doctor
Run another scan with Ewido and delete everything!
Do this cleanup: (to be done regularly)
¤Download and install this:
CCleaner:
Ccleaner
In the left-hand column click "errors", tick all the boxes, then click "search for errors" at the bottom; once it has finished, click "repair the errors" and you will get a message asking to back up your registry; answer "yes", then start again until it finds no more errors.
You can delete the backups you made once your computer no longer has any problems.
¤Run CCleaner again, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "run the cleanup".
What do you think?
Logfile of HijackThis v1.99.1
Scan saved at 03:01:10, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Conversions Plus\FORMATM.EXE
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
I:\Program Files\Softwin\BitDefender9\vsserv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
I:\WINDOWS\system32\rundll32.exe
I:\program files\valve\steam\steam.exe
I:\PROGRA~1\MOZILL~1\FIREFOX.EXE
I:\Documents and Settings\MAXIME\Bureau\Général\Applications\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BDNewsAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Steam] "i:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MacFormatService - Unknown owner - I:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - I:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Thanks
That looks fine :-)
Do this to check, and then it should be OK.
Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing; click it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, paste the report here, please.
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
See you
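Added example (not part of the thread, and not HijackThis code): one way to check a follow-up log like the one posted above. It reports which lines from a fix list are still listed afterwards, and whether each entry flagged `(no file)` or `(file missing)` points at a binary that appears under "Running processes". The two samples are short excerpts of the logs in this thread; the function names are illustrative.

```python
"""Check a follow-up HijackThis log against a fix list (added example)."""
import re

# Entry lines start with a section code: R0-R3, F0-F3, N1-N4 or O1, O2, ...
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")
# First drive-letter path ending in a binary extension; stops at a stray quote.
BINARY_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.IGNORECASE)

# Excerpt of the fix list posted in the thread.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - I:\Program Files\Spyware Doctor\sdhelp.exe
"""

# Excerpt of the follow-up log (scan saved at 03:01:10).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 03:01:10, on 06/09/2006
Running processes:
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Conversions Plus\FORMATM.EXE
I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
I:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: MacFormatService - Unknown owner - I:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)
"""


def parse_log(text):
    """Split a HijackThis log into (running process paths, entry lines)."""
    processes, entries, in_processes = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False          # the entry section has started
            entries.append(line)
        elif in_processes:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, entries


def still_listed(fix_lines, after_log):
    """Return the fix-list lines that still appear in the follow-up log."""
    _, entries = parse_log(after_log)
    after = {entry.lower() for entry in entries}
    return [line.strip() for line in fix_lines.splitlines()
            if line.strip() and line.strip().lower() in after]


def classify_missing(log_text):
    """Map each entry flagged as missing to 'running' or 'not running'.

    'running' means the binary named in the entry is in the process list,
    so the flag cannot mean that the file is absent from disk.
    """
    processes, entries = parse_log(log_text)
    result = {}
    for entry in entries:
        if not MISSING_RE.search(entry):
            continue
        match = BINARY_RE.search(entry)
        path = match.group(0).lower() if match else None
        result[entry] = "running" if path in processes else "not running"
    return result


if __name__ == "__main__":
    print("Fix-list lines still present:")
    for line in still_listed(FIX_LIST, AFTER_LOG):
        print("  ", line)
    print("Entries flagged as missing:")
    for entry, status in classify_missing(AFTER_LOG).items():
        print(f"  [{status}] {entry}")
```

On these excerpts the only fix-list line still listed is the FTRTSVC service, and both O23 lines flagged `(file missing)` name executables that appear under "Running processes".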
Your link only lets me scan a single file, and when I try the full scan a window opens with Accept or Decline at the bottom, but when I click Accept nothing happens, even though there is no pop-up.
Wednesday, September 06, 2006 7:26:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/09/2006
Kaspersky Anti-Virus database records: 208395
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Scan Statistics
Total number of scanned objects 72510
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 0
Duration of the scan process 00:40:54
Infected Object Name Virus Name Last Action
I:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
I:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
I:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
I:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
I:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\history.dat Object is locked skipped
I:\Documents and Settings\MAXIME\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\parent.lock Object is locked skipped
I:\Documents and Settings\MAXIME\Cookies\index.dat Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\Cache\_CACHE_001_ Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\Cache\_CACHE_002_ Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\Cache\_CACHE_003_ Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Application Data\Mozilla\Firefox\Profiles\2oxx5by3.default\Cache\_CACHE_MAP_ Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Historique\History.IE5\MSHist012006090620060907\index.dat Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Temp\Perflib_Perfdata_988.dat Object is locked skipped
I:\Documents and Settings\MAXIME\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
I:\Documents and Settings\MAXIME\ntuser.dat Object is locked skipped
I:\Documents and Settings\MAXIME\ntuser.dat.LOG Object is locked skipped
I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
I:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
I:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
I:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked skipped
I:\Program Files\Softwin\BitDefender9\aspdict.dat Object is locked skipped
I:\Program Files\Valve\Steam\Steam.log Object is locked skipped
I:\Program Files\Valve\Steam\SteamApps\winui.gcf Object is locked skipped
I:\Program Files\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped
I:\Program Files\WinRAR\WinRAR.exe Infected: Trojan-Spy.Win32.Lydra.be skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\System Volume Information\_restore{1E7E6B6F-5175-44DB-B4B5-56759FE99E15}\RP277\A0098004.exe Object is locked skipped
I:\System Volume Information\_restore{1E7E6B6F-5175-44DB-B4B5-56759FE99E15}\RP277\change.log Object is locked skipped
I:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
I:\WINDOWS\SchedLgU.Txt Object is locked skipped
I:\WINDOWS\SoftwareDistribution\EventCache\{CA1567A7-D886-49BC-A752-C2AD0D71CFBD}.bin Object is locked skipped
I:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
I:\WINDOWS\Sti_Trace.log Object is locked skipped
I:\WINDOWS\system32\0098B728_kds.xml Object is locked skipped
I:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
I:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
I:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
I:\WINDOWS\system32\config\default Object is locked skipped
I:\WINDOWS\system32\config\default.LOG Object is locked skipped
I:\WINDOWS\system32\config\SAM Object is locked skipped
I:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
I:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
I:\WINDOWS\system32\config\SECURITY Object is locked skipped
I:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
I:\WINDOWS\system32\config\software Object is locked skipped
I:\WINDOWS\system32\config\software.LOG Object is locked skipped
I:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
I:\WINDOWS\system32\config\system Object is locked skipped
I:\WINDOWS\system32\config\system.LOG Object is locked skipped
I:\WINDOWS\system32\h323log.txt Object is locked skipped
I:\WINDOWS\system32\service.exe Object is locked skipped
I:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
I:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
I:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
I:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
I:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
I:\WINDOWS\Temp\tmp00002b3e\tmp00000000 Object is locked skipped
I:\WINDOWS\wiadebug.log Object is locked skipped
I:\WINDOWS\wiaservc.log Object is locked skipped
I:\WINDOWS\WindowsUpdate.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{1E7E6B6F-5175-44DB-B4B5-56759FE99E15}\RP277\change.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{1E7E6B6F-5175-44DB-B4B5-56759FE99E15}\RP277\A0097861.exe Object is locked skipped
K:\System Volume Information\_restore{1E7E6B6F-5175-44DB-B4B5-56759FE99E15}\RP277\change.log Object is locked skipped
Scan process completed.
And there you go. Since then, BitDefender has told me about win 32...., behaves..... and ....virkelA
Do this on each of your partitions:
Click "Start", right-click "My Computer", "Properties", "System Restore" tab.
¤ Tick the box "Turn off System Restore on all drives", then click "Apply".
¤ Untick the box and click "Apply", then "OK".
Now that the infected restore points have been deleted, we are going to create a clean one:
Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create", then "OK".
There, the restore point is now created. If you ever decide to, you can go back to the date you created it, that is, today; by rolling back you can return your computer to the date on which this restore point was created, but you will lose the changes you made in between.
Tell me the exact location of the files that BitDefender found.
I/windows/system32/system.exe(Behavesleike....)
Thanks. By the way, I have already tried to remove it in safe mode.
OK, then do this:
Turn off System Restore on all your partitions!
Download Killbox:
https://www.generation-nt.com/killbox-telechargement-25430.html
Double-click killbox.exe (Pocket Killbox)
- tick: delete on reboot
in the empty box, enter this (exactly):
I:\WINDOWS\system32\system.exe
- click the red cross
- a confirmation window will appear, click YES
- a second window asks whether you want to restart, click YES
Let the PC restart; if it does not restart by itself, restart it yourself, then post a new HijackThis report once it has restarted.
Thanks, I managed to delete it, and here is my report
Logfile of HijackThis v1.99.1
Scan saved at 16:56:09, on 07/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\ewido anti-spyware 4.0\guard.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\Program Files\Conversions Plus\FORMATM.EXE
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
I:\Program Files\Softwin\BitDefender9\vsserv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
I:\program files\valve\steam\steam.exe
I:\WINDOWS\system32\wuauclt.exe
I:\PROGRA~1\MOZILL~1\FIREFOX.EXE
I:\Documents and Settings\MAXIME\Bureau\Général\Applications\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BDNewsAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] I:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "I:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] "i:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MacFormatService - Unknown owner - I:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - I:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
So, what does it show? Thanks, by the way
Run HijackThis again, click "do a scan only", and tick this line:
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
Then do this:
Click "Start" => Run => type services.msc, then double-click this service:
France Telecom Routing Table Service, and set it to "Disabled" and "Stopped".
Then find and delete this file (in bold):
I:\WINDOWS\System32\FTRTSVC.exe
Tell us where things stand with your problems, if any remain.
See you
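As an added example (not part of any post in this thread, and not HijackThis code): the O23 lines marked "(file missing)" in the log above can be cross-checked against the same log's "Running processes" list, because a service image that appears there as a running process was evidently found on disk. The function names and verdict labels are hypothetical, and the sample is an excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim,
# most entries omitted to keep the sample short).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
I:\WINDOWS\System32\FTRTSVC.exe
I:\Program Files\Conversions Plus\FORMATM.EXE
I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
I:\Program Files\Softwin\BitDefender9\vsserv.exe
I:\WINDOWS\system32\Ati2evxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - I:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: MacFormatService - Unknown owner - I:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - I:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # any R0 / O4 / O23 ... entry line
# Image path = everything up to the first ".exe" that is followed by a quote,
# whitespace or end of line (drops stray quotes and arguments such as /service).
IMAGE_RE = re.compile(r'"?(.+?\.exe)(?=["\s]|$)', re.IGNORECASE)
O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"


def parse_log(log):
    """Return (running_paths, services) parsed from a HijackThis log."""
    running, services = set(), []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False  # the first R/O entry ends the process list
        if in_processes:
            if line:
                running.add(line.lower())
        elif line.startswith(O23_PREFIX):
            # Split from the right so a " - " inside the display name is kept.
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, command = parts
            missing = command.endswith(MISSING)
            if missing:
                command = command[: -len(MISSING)].strip()
            match = IMAGE_RE.match(command)
            image = (match.group(1) if match else command.strip('"')).lower()
            services.append(
                {"name": name, "owner": owner, "image": image, "missing": missing}
            )
    return running, services


def triage(log):
    """Label each O23 service entry with a hypothetical triage verdict."""
    running, services = parse_log(log)
    results = []
    for svc in services:
        if svc["missing"] and svc["image"] in running:
            # The log contradicts itself: the image is listed as a running process.
            verdict = "missing_but_running"
        elif svc["missing"]:
            verdict = "missing"  # candidate orphaned service entry
        elif svc["owner"] == "Unknown owner":
            verdict = "unknown_owner"  # binary needs manual verification
        else:
            verdict = "ok"
        results.append((svc["name"], verdict))
    return results


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:20} {name}")
```

Paths written in 8.3 short form (for example `PROGRA~1`) are compared as text, so they will not match the long form of the same path.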