Navilog analysis
vévé
Hello everyone,
I have several problems on my PC:
Isass.exe in the processes, which I have to close manually to be able to connect to the internet
access to Windows Update impossible
Ad-Aware scan that freezes partway through..
I ran a Navilog scan (below)
any kind souls to help me?
thanks in advance.
Search Navipromo version 2.0.3 commencé le 28/06/2007 à 23:05:25,51
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\manue\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.
[+] Started on 06/28/07 at 23:05:28.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .........................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/28/07 at 23:09:51 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
*** Analyse Terminé le 28/06/2007 à 23:11:51,35 ***
5 replies
Hello
You can uninstall Navilog, nothing to report!
Do this to check
Download HijackThis:
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe
Install it in its own folder:
- right-click on the desktop, choose "new folder", then install it inside.
Right-click on HijackThis, choose "rename", then type this: abcde.exe
Double-click on HijackThis. Click "I Accept", then click "do a system scan and save logfile"
Then copy and paste here the report it generates for you.
HijackThis demo if needed:
http://pageperso.aol.fr/balltrap34/demohijack.htm
thanks boulepate
HijackThis report below
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:40:20, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\hjrevy.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\manue\Bureau\hi jac\abcde.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\hjrevy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Click Start, Search, All files and folders, then find and delete:
- hjrevy.exe
**If a file/folder cannot be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears choose "safe mode" and wait a little..
Then go and delete the files/folders, empty your recycle bin and restart your PC normally.
¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 anti-popup bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the antivirus scan work.
Once it has finished, paste the report here please
https://www.bitdefender.com/toolbox/
the BitDefender scan is done: (I have included the scan report and the report that BitDefender asks to send at the end of the online scan)
thank you very much for your help Mr boulepate
BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Jul 03, 2007 - 08:04:45
Scan Info
Scanned Files: 291252
Infected Files: 19
Virus Detected
DeepScan:Generic.Sdbot.7D37E8D4: 1
MemScan:Backdoor.Agent.YRG: 1
Trojan.Downloader.Istbar.ER: 2
Backdoor.PoeBot.IE: 3
Trojan.Bagle.BK: 1
Win32.Mixor.J@mm: 1
Backdoor.Agent.YRG: 1
Backdoor.IrcBot.HA: 1
JS.Feebs.Gen: 1
Exploit.Iframe.Vulnerability.B: 2
MemScan:Adware.Winad.A: 1
Trojan.Dropper.Small.Nm.Dam.2: 4
BitDefender Online Scanner
Scan report generated at: Tue, Jul 03, 2007 - 03:25:17
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 04:43:44
Files: 286175
Folders: 4514
Boot Sectors: 2
Archives: 49605
Packed Files: 7659
Results
Identified Viruses: 12
Infected Files: 19
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 19
Engines Info
Virus Definitions: 636450
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 583)=>[Subject: organism prohibitively][Date: Sat, 1 Jul 2006 13:04:08 +0530]=>(MIME part)=>mail.zip=>msg.hta
Infected with: JS.Feebs.Gen
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 583)=>[Subject: organism prohibitively][Date: Sat, 1 Jul 2006 13:04:08 +0530]=>(MIME part)=>mail.zip=>msg.hta
Disinfection failed
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 583)=>[Subject: organism prohibitively][Date: Sat, 1 Jul 2006 13:04:08 +0530]=>(MIME part)=>mail.zip=>msg.hta
Deleted
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 583)=>[Subject: organism prohibitively][Date: Sat, 1 Jul 2006 13:04:08 +0530]=>(MIME part)=>mail.zip
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 583)=>[Subject: organism prohibitively][Date: Sat, 1 Jul 2006 13:04:08 +0530]=>(MIME part)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 583)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 1902)=>[Subject: Crazy way to say I Luv U][Date: Mon, 22 Jan 2007 17:02:48 +0200]=>(MIME part)=>greeting card.exe
Infected with: Win32.Mixor.J@mm
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 1902)=>[Subject: Crazy way to say I Luv U][Date: Mon, 22 Jan 2007 17:02:48 +0200]=>(MIME part)=>greeting card.exe
Disinfection failed
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 1902)=>[Subject: Crazy way to say I Luv U][Date: Mon, 22 Jan 2007 17:02:48 +0200]=>(MIME part)=>greeting card.exe
Deleted
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 1902)=>[Subject: Crazy way to say I Luv U][Date: Mon, 22 Jan 2007 17:02:48 +0200]=>(MIME part)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox=>(message 1902)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\kyqlr6pc.manue\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 9)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Mon, 17 Jan 2005 11:37:52 +0100]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 9)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Mon, 17 Jan 2005 11:37:52 +0100]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 9)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Mon, 17 Jan 2005 11:37:52 +0100]=>(MIME part)=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 9)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Mon, 17 Jan 2005 11:37:52 +0100]=>(MIME part)=>(MIME part)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 9)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Mon, 17 Jan 2005 11:37:52 +0100]=>(MIME part)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 9)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 26)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Fri, 21 Jan 2005 11:12:27 +0100]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 26)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Fri, 21 Jan 2005 11:12:27 +0100]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 26)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Fri, 21 Jan 2005 11:12:27 +0100]=>(MIME part)=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 26)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Fri, 21 Jan 2005 11:12:27 +0100]=>(MIME part)=>(MIME part)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 26)=>[Subject: Mail Delivery (failure tropee.herve@nu][Date: Fri, 21 Jan 2005 11:12:27 +0100]=>(MIME part)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 26)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 1404)=>[Subject: Josias][Date: Thu, 15 Dec 2005 10:32:05 -0600]=>(MIME part)=>Nathaniel.zip=>S3700020.exe
Infected with: Trojan.Bagle.BK
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 1404)=>[Subject: Josias][Date: Thu, 15 Dec 2005 10:32:05 -0600]=>(MIME part)=>Nathaniel.zip=>S3700020.exe
Disinfection failed
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 1404)=>[Subject: Josias][Date: Thu, 15 Dec 2005 10:32:05 -0600]=>(MIME part)=>Nathaniel.zip=>S3700020.exe
Deleted
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 1404)=>[Subject: Josias][Date: Thu, 15 Dec 2005 10:32:05 -0600]=>(MIME part)=>Nathaniel.zip
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 1404)=>[Subject: Josias][Date: Thu, 15 Dec 2005 10:32:05 -0600]=>(MIME part)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox=>(message 1404)
Updated
C:\Documents and Settings\manue\Application Data\Thunderbird\Profiles\qi51n4bo.default\Mail\Local Folders\Inbox
Updated
C:\System Volume Information\_restore{1A72CD5B-C4DD-422F-BF7F-623F8D65D7BB}\RP5\A0007290.exe
Infected with: Backdoor.PoeBot.IE
C:\System Volume Information\_restore{1A72CD5B-C4DD-422F-BF7F-623F8D65D7BB}\RP5\A0007290.exe
Deleted
C:\t5r4e3w2q1.exe=>(ZIP Sfx o)=>YourSiteBar.exe
Infected with: Trojan.Downloader.Istbar.ER
C:\t5r4e3w2q1.exe=>(ZIP Sfx o)=>YourSiteBar.exe
Disinfection failed
C:\t5r4e3w2q1.exe=>(ZIP Sfx o)=>YourSiteBar.exe
Deleted
C:\t5r4e3w2q1.exe=>(ZIP Sfx o)
Updated
C:\t5r4e3w2q1.exe
Update failed
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic4.exe
Infected with: Trojan.Dropper.Small.Nm.Dam.2
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic4.exe
Disinfection failed
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic4.exe
Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)
Updated
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>YourSiteBar.exe
Infected with: Trojan.Downloader.Istbar.ER
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>YourSiteBar.exe
Disinfection failed
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>YourSiteBar.exe
Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)
Updated
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>Loudcash.exe
Infected with: MemScan:Adware.Winad.A
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>Loudcash.exe
Disinfection failed
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>Loudcash.exe
Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)
Updated
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic1.exe
Infected with: Trojan.Dropper.Small.Nm.Dam.2
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic1.exe
Disinfection failed
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic1.exe
Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)
Updated
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic2.exe
Infected with: Trojan.Dropper.Small.Nm.Dam.2
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic2.exe
Disinfection failed
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic2.exe
Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)
Updated
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic3.exe
Infected with: Trojan.Dropper.Small.Nm.Dam.2
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic3.exe
Disinfection failed
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)=>SimpleTraffic3.exe
Deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe=>(ZIP Sfx o)
Updated
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AJ81QR\Executable[1].exe
Update failed
C:\WINDOWS\system32\eyzorjvz.exe
Infected with: Backdoor.PoeBot.IE
C:\WINDOWS\system32\eyzorjvz.exe
Deleted
C:\WINDOWS\system32\hdng.exe
Infected with: Backdoor.IrcBot.HA
C:\WINDOWS\system32\hdng.exe
Disinfection failed
C:\WINDOWS\system32\hdng.exe
Deleted
C:\WINDOWS\system32\Isass.exe
Infected with: MemScan:Backdoor.Agent.YRG
C:\WINDOWS\system32\Isass.exe
Disinfection failed
C:\WINDOWS\system32\Isass.exe
Deleted
C:\WINDOWS\system32\kvmsrqn.exe
Infected with: Backdoor.PoeBot.IE
C:\WINDOWS\system32\kvmsrqn.exe
Deleted
C:\WINDOWS\system32\tnn.exe
Infected with: DeepScan:Generic.Sdbot.7D37E8D4
C:\WINDOWS\system32\tnn.exe
Disinfection failed
C:\WINDOWS\system32\tnn.exe
Deleted
C:\WINDOWS\system32\xlqrldn.exe
Infected with: Backdoor.Agent.YRG
C:\WINDOWS\system32\xlqrldn.exe
Disinfection failed
C:\WINDOWS\system32\xlqrldn.exe
Deleted
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
Thank you very much for your help, Mr boulepate
Hello
Be careful with the e-mails you open; they don't contain nice things.
I advise you to empty Thunderbird of all the messages it contains.
¤ Download and install AVG Anti-Spyware, and update it.
Run a full scan of your system as soon as it has finished.
If it finds any spyware, delete it. Save the report and paste it here, please.
Download and tutorial on this page:
--> http://redir.fr/gsel
AND
¤ Disable the Windows firewall (SP2), it is useless, then install Kerio for more security.
Download and tutorial on this page:
--> http://redir.fr/gbom
More info:
-> https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
;-)
Hello,
The report is below. I had run a first scan that was interrupted before the end, in which I zapped more than 120 unwanted critters, but without doing a scan..
See you later
+ Créé à: 23:34:45 10/07/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{1A72CD5B-C4DD-422F-BF7F-623F8D65D7BB}\RP5\A0007302.exe -> Backdoor.EggDrop.v : Nettoyé.
C:\WINDOWS\system32\yzlr.exe -> Backdoor.IRCBot.ace : Nettoyé.
C:\System Volume Information\_restore{1A72CD5B-C4DD-422F-BF7F-623F8D65D7BB}\RP5\A0007304.exe -> Backdoor.SdBot.bhk : Nettoyé.
:mozilla.13:C:\Documents and Settings\manue\Application Data\Mozilla\Firefox\Profiles\kr011xf8.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\manue\Cookies\manue@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.31:C:\Documents and Settings\manue\Application Data\Mozilla\Firefox\Profiles\kr011xf8.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\manue\Cookies\manue@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.7:C:\Documents and Settings\manue\Application Data\Mozilla\Firefox\Profiles\kr011xf8.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
Fin du rapport