Computer presumed infected... help needed

Solved
Les Patrons
Hello,
I have lots of bugs on my computer, which I suspect is very heavily infected.
I read that it would be preferable for me to paste the HijackThis report so that you can help me...

Thank you in advance, and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:21:17, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Domino.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Eset\nod32.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SP&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=7&key=MED
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYES
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://youandherbalife.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by129fd.bay129.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004C71D.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Unknown owner - C:\Archivos de programa\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe

5 replies

DarkRodWarrior
 
Hi

And what does Nod32 say?
Cesel45
 
Hello
Have you looked for a solution to your problems?
If not, look at this link.
And I think your HijackThis POST will be cleaner.
Bye

http://www.commentcamarche.net/faq/sujet 3174 virus m thode pr liminaire de d sinfection version fr
Anonymous user
 
Hi,

fix:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYES
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004C71D.dat

go to www.virustotal.com and submit: C:\APPS\IE\offline\sp.htm

if it's a virus, then fix this too:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sp.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm

There you go; tell me the VirusTotal result and I'll tell you what to do next.
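As an added illustration (not code from this thread or from HijackThis), a Python script that applies the triage rules of the reply above to HijackThis entries: O8/O16 entries pointing at the adware domains in the fix list and the O20 AppInit_DLLs entry go straight to "fix", while the local start-page lines (R1 Default_Page_URL and O14) go to "check" pending the VirusTotal verdict on sp.htm. The sample lines and the domain list are constructed from this thread and are assumptions, not a maintained blocklist.

```python
"""Triage HijackThis log entries the way the helper above did: entries to fix
outright versus entries to check with VirusTotal first."""
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample: a handful of lines in the shape of the log posted above
# (not the full log).
SAMPLE_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = file://C:\\APPS\\IE\\offline\\sp.htm
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Archivos de programa\\Eset\\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYES
O14 - IERESET.INF: START_PAGE_URL=file://C:\\APPS\\IE\\offline\\sp.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\__c004C71D.dat
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Archivos de programa\\Eset\\nod32krn.exe
"""

# Domains the helper's fix list points at (MyWebSearch/FunWebProducts and the
# imgag "Creative Toolbox"). Assumption built from this thread only.
ADWARE_DOMAINS = ("mywebsearch.com", "imgfarm.com", "imgag.com")

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
FILE_URL_RE = re.compile(r"file://", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    verdict: str   # "fix", "check" or "ok"
    reason: str
    line: str


def _host_in(url: str, domains) -> bool:
    """True when the URL's host is one of `domains` or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(section: str, body: str) -> Tuple[str, str]:
    """Return (verdict, reason) for one HijackThis entry."""
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is loaded into every process that loads user32.dll;
        # nothing else on the log explains a .dat module in system32.
        return "fix", "AppInit_DLLs loads an unexplained module into every GUI process"
    if section in ("O8", "O16"):
        for url in URL_RE.findall(body):
            if _host_in(url, ADWARE_DOMAINS):
                return "fix", f"{section} entry points at adware domain {urlparse(url).hostname}"
    if section in ("R0", "R1", "O14") and FILE_URL_RE.search(body):
        # A local file as start page can be an OEM offline page (Packard Bell
        # here) or a hijack; the helper wants a VirusTotal verdict first.
        return "check", "start page is a local file; submit it to VirusTotal before fixing"
    return "ok", ""


def triage(log_text: str) -> List[Finding]:
    """Classify every R*/F*/O* entry; process list and headers are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        verdict, reason = classify(m.group("sec"), m.group("body"))
        findings.append(Finding(m.group("sec"), verdict, reason, raw.strip()))
    return findings


def to_fix(log_text: str) -> List[str]:
    """Lines to tick in HijackThis' fix list, in log order."""
    return [f.line for f in triage(log_text) if f.verdict == "fix"]


def to_check(log_text: str) -> List[str]:
    """Lines whose target file should be scanned before fixing."""
    return [f.line for f in triage(log_text) if f.verdict == "check"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.verdict != "ok":
            print(f"{f.verdict:5s} {f.section:4s} {f.reason}")
```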
Les Patrons
 
Hello,
so here is what the scans gave:

The BitDefender report:

Statistics
Time: 01:46:41
Files: 371263
Folders: 9265
Boot Sectors: 5
Archives: 7754
Packed Files: 17357

Results
Identified Viruses: 10
Infected Files: 33
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 32

Engines Info
Virus Definitions: 860256
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\NiNa\Configuración local\Datos de programa\xalvfqzdve.exe | Detected with: Adware.Navipromo.BYZ | Disinfection failed | Deleted
C:\Documents and Settings\NiNa\Datos de programa\VideoEgg\Updater\updater.exe | Infected with: Trojan.Generic.25658 | Disinfection failed | Deleted
C:\Documents and Settings\NiNa\Escritorio\VideoEggPublisher.exe=>(NSIS o)=>lzma_solid_nsis0013 | Infected with: Trojan.Generic.25658 | Disinfection failed | Deleted
C:\Documents and Settings\NiNa\Escritorio\VideoEggPublisher.exe=>(NSIS o) | Update failed
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067522.dll | Infected with: DeepScan:Generic.Virtumod.9DBF95A2 | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067572.dll | Infected with: DeepScan:Generic.Virtumod.9DBF95A2 | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067667.dll | Infected with: DeepScan:Generic.Virtumod.8DD6A2F7 | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067770.dll | Infected with: Trojan.Downloader.Agent.YPO | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0068770.dll | Infected with: DeepScan:Generic.Virtumod.199508B9 | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0068878.dll | Infected with: DeepScan:Generic.Virtumod.199508B9 | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP276\A0068924.dll | Infected with: DeepScan:Generic.Virtumod.1B6A3021 | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP276\A0068947.dll | Infected with: DeepScan:Generic.Virtumod.99345FDF | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP276\A0069007.dll | Infected with: DeepScan:Generic.Virtumod.99345FDF | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP278\A0069162.dll | Infected with: Trojan.Downloader.Agent.YPN | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP278\A0069443.dll | Infected with: Trojan.Downloader.Agent.YPN | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP279\A0069593.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP279\A0069661.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP279\A0069688.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0069741.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0070787.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0070807.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0070842.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP281\A0070998.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP281\A0071098.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP281\A0071200.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP282\A0072097.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP283\A0072154.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP283\A0072228.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP283\A0072240.dll | Infected with: DeepScan:Generic.Virtumod.9DBF95A2 | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP298\A0078058.exe | Detected with: Adware.Navipromo.BYZ | Disinfection failed | Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP298\A0078059.exe | Infected with: Trojan.Generic.25658 | Disinfection failed | Deleted
C:\WINDOWS\system32\awvvu.dll | Detected with: Adware.Virtumonde.GGX | Disinfection failed | Delete failed
C:\WINDOWS\system32\mlchmq.exe | Detected with: Adware.Navipromo.BYZ | Disinfection failed | Deleted
C:\WINDOWS\system32\ynmbgejcz.exe | Detected with: Adware.Navipromo.BYZ | Disinfection failed | Deleted

AND HERE IS THE HIJACKTHIS REPORT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:00, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Domino.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SP&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=7&key=MED
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYES
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://youandherbalife.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by129fd.bay129.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004C71D.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Unknown owner - C:\Archivos de programa\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe

tribun
 
hello
well, you'd picked up a lot of stuff!!
according to BitDefender you're disinfected! deleted = removed

A