[Virus] Infected by Win32/Hidrag.A
Solved
Ketmo - Posts: 77 - Status: Member
Séb08 - Posts: 16503 - Status: Contributor - Last activity: 26 Nov. 2006 at 23:23
35 replies
Hi,
download HijackThis here:
http://www.hijackthis.de/s/hijackthis_199.zip
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure to save it on C: !
Demo (thanks to Balltrap):
HijackThis installation
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum
Demo: (thanks to balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Good luck
Hello!
Sorry, I was away yesterday evening. But here is the HijackThis scan I have just run.
Logfile of HijackThis v1.99.1
Scan saved at 12:55:55, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: _pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: _pref("browser.search.defaultengine", "engine://C%3A%5rogram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\System32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All s\Application Data\StoreReeStylePlan\Tool store.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\.exe
O4 - Startup: ubisoft .lnk = C:\Program Files\Ubi Soft\\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Could someone give me a hand with the HijackThis log?
I admit I don't really know what to do...
Scan your PC with these programs and remove everything they find:
(Update them before running them.)
1/ Ad-Aware (free):
Download:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
The French language patch for Ad-Aware (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
2/ Spybot (free):
see the usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
Download:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
3/ a-squared free (free)
Download:
http://www.emsisoft.net/fr/software//
4/ ewido (download)
Download:
http://www.ewido.net/fr//
5/ cleanup40 (cleans cookies + temp + temporary files + prefetch + history + etc.) (free)
Demo:
http://pageperso.aol.fr/balltrap34/democleanup.htm
Download:
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
6/ ccleaner (free)
Tutorial here:
http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
Download: http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
And post a new HijackThis log; I'll be back this evening or maybe earlier.
You know, it's Sunday and it's not easy to find time...
See you
Good evening!
Here is the HijackThis log!
Logfile of HijackThis v1.99.1
Scan saved at 21:52:42, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: _pref(
Your log is incomplete...
If you installed MSN+, you can start by uninstalling it and reinstalling it without accepting the sponsors...
Like this:
http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg
Please post a HijackThis log again.
Otherwise we'll look at it tomorrow...
I had to step out this evening, which is why I'm back a bit late.
I haven't installed MSN+...
I ran another scan with HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 02:00:37, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: _pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: _pref("browser.search.defaultengine", "engine://C%3A%5rogram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\System32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All s\Application Data\StoreReeStylePlan\Tool store.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\.exe
O4 - Startup: ubisoft .lnk = C:\Program Files\Ubi Soft\\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Hi,
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom
O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\System32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Style plan tick name] C:\Documents and Settings\All s\Application Data\StoreReeStylePlan\Tool store.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
Uninstall AVG, because you should only have one antivirus on a PC, otherwise it causes conflicts.
Run this online antivirus scan and paste the report here once it has finished, please
http://www.bitdefender.com/scan8/ie.html
Then at the same time paste a new HijackThis report
See you
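An added example, not part of the thread and not HijackThis's own code: a small Python check that compares the lines a helper asked to fix against the next scan and reports which of them are still present. The function names are made up for illustration, and the sample data is a short excerpt of the log lines posted in this thread.

```python
import re

# An entry line is a section code (R, F, N or O followed by a number),
# then " - ", then free-form detail, e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.*)$")


def normalize(detail):
    """Fold case and collapse whitespace. Windows paths are case-insensitive,
    and the same entry can read System32 in one scan and system32 in the next."""
    return re.sub(r"\s+", " ", detail.strip()).casefold()


def parse_entries(log_text):
    """Return {(code, normalized detail): original line} for each entry line.
    The header and the running-process list do not match and are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            key = (match.group("code"), normalize(match.group("detail")))
            entries[key] = line
    return entries


def still_present(fix_list_text, later_scan_text):
    """Lines from the fix list that show up again in the later scan."""
    fixes = parse_entries(fix_list_text)
    later = parse_entries(later_scan_text)
    return [line for key, line in fixes.items() if key in later]


def dangling(log_text):
    """Entries that HijackThis itself marks as pointing at a missing file."""
    markers = ("(no file)", "(file missing)")
    return [line for line in parse_entries(log_text).values()
            if line.endswith(markers)]


# Excerpt of the lines the helper asked to check and fix (from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {A6D7CD41-9FE9-3BC7-1616-DA6F7A4D6670} - (no file)
O2 - BHO: (no name) - {FD1438E7-0237-3F9F-402F-C189BE98FEBC} - (no file)
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\System32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
"""

# Excerpt of the scan saved at 18:54:34 on 13/03/2006 (from the thread).
LATER_SCAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:54:34, on 13/03/2006
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\system32\Nvl.dll,NvStartup
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    print("Asked to fix but present in the later scan:")
    for line in still_present(FIX_LIST, LATER_SCAN):
        print("  " + line)
    print("Marked by HijackThis as missing their file:")
    for line in dangling(LATER_SCAN):
        print("  " + line)
```

An entry that returns after "fix checked" only shows that something wrote it back; the check does not say whether the entry is legitimate.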
Hello,
I ran a scan with BitDefender... but unfortunately (after 6 hours, because my computer glitched a bit), my computer crashed when only a few minutes were left. Nevertheless, BitDefender deleted all the "bad" files it found.
I'm posting a HijackThis report while waiting to redo a scan with BitDefender.
Logfile of HijackThis v1.99.1
Scan saved at 18:54:34, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: _pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: _pref("browser.search.defaultengine", "engine://C%3A%5rogram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\system32\Nvl.dll,NvStartup
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\.exe
O4 - Startup: ubisoft .lnk = C:\Program Files\Ubi Soft\\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
I ran a scan with BitDefender... but unfortunately (after 6 hours, because my computer was acting up a bit), my computer crashed when only a few minutes were left. Still, BitDefender deleted all the "bad" files it found.
I'm posting a HijackThis report in the meantime, before I redo a scan with BitDefender.
Logfile of HijackThis v1.99.1
Scan saved at 18:54:34, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: _pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: _pref("browser.search.defaultengine", "engine://C%3A%5rogram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\system32\Nvl.dll,NvStartup
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\.exe
O4 - Startup: ubisoft .lnk = C:\Program Files\Ubi Soft\\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Hi,
OK, no problem for now..
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O16 - DPF: teleir_cert -
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! MahJong Solitaire -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -
Do this:
¤ Download and install this; in the left-hand column click "erreurs", tick all the boxes, then click "chercher des erreurs" at the bottom; once it has finished, click "reparer les erreurs" and you will get a message offering to back up your registry, answer "oui", then repeat until it no longer finds any errors
CCleaner:
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
¤ Run CCleaner again, go to the "nettoyeur" tab on the left, untick the last box (Avancé, if it is ticked), then click "lancer le nettoyage"
If you still have Ewido, run a scan with it and then paste the report here, please
(Ewido:
http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html)
Then paste the Ewido report here along with a new HijackThis report ;-) (remember to reboot first)
Bye for now
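A way to verify, from the follow-up log, that the lines ticked for "fix checked" are really gone (an added example, not part of the original posts; the function names are hypothetical and the sample data are shortened excerpts of the logs posted in this thread):

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O4 - HKCU...".
# Headers and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*\S)$")


def parse_entries(text):
    """Map a normalised (code, text) key to the original line for each entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process path, blank line or forum prose
        # Collapse whitespace and ignore case so copy/paste differences
        # between two posts do not hide a match.
        key = (m.group(1), " ".join(m.group(2).split()).casefold())
        entries.setdefault(key, line)
    return entries


def check_fix(fix_list_text, after_log_text):
    """Split the lines that were to be fixed into (removed, persisting)."""
    wanted = parse_entries(fix_list_text)
    after = parse_entries(after_log_text)
    removed = [line for key, line in wanted.items() if key not in after]
    persisting = [line for key, line in wanted.items() if key in after]
    return removed, persisting


# Excerpt (shortened) of the lines the helper asked to tick.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.snqthxdhfroidtgmjnxx.net/1Y4eM9pqxgilQsamEUQhitAvLYdVYrgwxgvFvUpGjGfNVzARLeS9R2dOX8hQVMEr.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
"""

# Excerpt (shortened) of the log saved at 22:39:19 on 13/03/2006.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:39:19, on 13/03/2006
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
"""

if __name__ == "__main__":
    removed, persisting = check_fix(FIX_LIST, AFTER_LOG)
    for line in removed:
        print("removed    ", line)
    for line in persisting:
        print("STILL THERE", line)
```

An entry reported as still there is the one to look at first in the next round; in this thread the follow-up log was taken without rebooting.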
Hi again,
Here is the Ewido report (after rebooting):
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 22:28:11, 13/03/2006
+ Somme de contrôle: 734A085C
+ Résultats du scan:
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\Program Files\WildTangent\Components\SystemConfig0100.dll -> Spyware.WinAD : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\cd_htm.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdedata2.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdefdi.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\chktrust.exe -> Spyware.BargainBuddy : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdeload.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\BDESac10.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\BDESac24.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\system32\bdeinsta25.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\Cache\bdedetect1.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\bdeviewer.exe -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\b3dsetup.exe -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\BDE\bdedetect1.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072310199.ssb/F:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\ manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\ manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\Common Files\updater\delupdat.exe -> er.Keenal : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072370734.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\ manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\ manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072641069.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\ manager\altnetuninstall.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\ manager\asmend.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\altnet\Points Manager\sysdetect.dll -> Adware.BrilliantDigital : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\WINDOWS\system32\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1072972924.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Documents and Settings\VICTOR\Local Settings\Temp\cd_clint.dll -> Spyware.Cydoor : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Documents and Settings\VICTOR\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1076100897.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Nettoyer et sauvegarder
C:\Program Files\interMute\SpySubtract\Backup\Clean Session - 1107007840.ssb/C:\Program Files\Bargain Buddy\bbchk.exe -> Spyware.BargainBuddy : Nettoyer et sauvegarder
C:\Program Files\PestPatrol\Quarantine\20060308222603.zip/Program Files/NavExcel/NavHelper/v2.0.4c/NHUpdater.exe -> Spyware.NavExcel : Nettoyer et sauvegarder
C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.k : Nettoyer et sauvegarder
G:\Programmes\Abandonware\Super Nes\ActRaiser (F).SRM -> Dropper.Small.u : Nettoyer et sauvegarder
::Fin du rapport
Do I need to reboot before posting the HijackThis report?
I'm posting a HijackThis report anyway, without having rebooted, just in case...:
Logfile of HijackThis v1.99.1
Scan saved at 22:39:19, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: _pref("browser.startup.homepage", "http://fr.yahoo.com/"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
N3 - Netscape 7: _pref("browser.search.defaultengine", "engine://C%3A%5rogram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_.src"); (C:\Documents and Settings\VICTOR\Application Data\Mozilla\Profiles\default\mwcwi7tf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [SpywareStopper] C:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\WINDOWS\system32\Nvl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sixth 1] C:\DOCUME~1\VICTOR\APPLIC~1\TRAYMA~1\Flawrect.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\.exe
O4 - Startup: ubisoft .lnk = C:\Program Files\Ubi Soft\\schedule.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ,
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Run this online antivirus scan and paste the report here once it has finished, please:
http://www.bitdefender.com/scan8/ie.html
Hello!
Here I am again with the BitDefender report:
BitDefender Online Scanner
Scan report generated at: Tue, Mar 14, 2006 - 05:10:40
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time: 05:42:30
Files: 950883
Folders: 10687
Boot Sectors: 9
Archives: 7673
Packed Files: 46108
Results
Identified Viruses: 7
Infected Files: 53
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 53
Engines Info
Virus Definitions: 313388
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Tell me if I need to paste the full report (because it's huge).
Actually, I have posted the full report, thinking that it is the sensible thing to do after all. Sure, it is a bit long, but it is better.
Scanned File
Status
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Infected with: Win32.Netsky.D@mm
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Disinfection failed
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Deleted
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Infected with: I-Worm.Hybris.G
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Disinfection failed
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Deleted
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Detected with: Adware.Navexcel.A
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Disinfection failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Disinfection failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Disinfection failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Infected with: Trojan.er.Small.APC
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Disinfection failed
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Deleted
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
Update failed
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
Detected with: Application.Adware.NewDotNet.Dropper
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
Deleted
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
Update failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Detected with: Adware.Navexcel.A
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Disinfection failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Deleted
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Disinfection failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Deleted
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Disinfection failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Deleted
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\WarezP2P (first version ed).exe=>(NSIS o)=>lzma_nsis0006
Detected with: Application.Adware.NewDotNet.Dropper
G:\Programmes\WarezP2P (first version ed).exe=>(NSIS o)=>lzma_nsis0006
Deleted
G:\Programmes\WarezP2P (first version ed).exe=>(NSIS o)
Update failed
G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
Detected with: Application.Adware.NewDotNet.Dropper
G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
Deleted
G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)
Update failed
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Infected with: Trojan.XEmu.A
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Disinfection failed
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Deleted
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>(ZIP Sfx g)
Updated
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
Update failed
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Infected with: Trojan.XEmu.A
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Disinfection failed
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>ƒGƒ~ƒ…ƒŒ[ƒ^[–{‘Ì/Xbox/xbox_emulator.0.34.exe
Deleted
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip=>[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE--with BIOS]/[APP] - Emulator Pack - All Consoles [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
Updated
J:\eMule\Programmes\Emulator Pack - All Consoles-With BIOS [XBOX.PS2.PSX.DC.N64.GBA.GB.WS.NGP.SS.SFC.FC.GG.MD.MAME.PC88.PCE].zip
Updated
Scanned File
Status
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Infected with: Win32.Netsky.D@mm
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Disinfection failed
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)=>your_website.pif
Deleted
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Re: Your website][Date: Mon, 1 Mar 2004 11:39:19 +0100]=>(MIME part)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Infected with: I-Worm.Hybris.G
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Disinfection failed
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)=>sexynain.scr
Deleted
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Blanche neige et ...les sexe nains]=>(MIME part)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)
Updated
C:\Documents and Settings\VICTOR\Local Settings\Application Data\Identities\{7316857B-4608-4855-AF84-643D2541CDF7}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\17.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\22.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\29.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\35.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\37.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\39.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3D.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Extension Manager.exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Flash 8 Video Encoder.exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\Guitar pro 4 - Update(c6).exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer.exe
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_3e8.VIR
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\SAFlashPlayer_418.VIR
Deleted
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Infected with: Win32.Jeefo.A.dam
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Disinfection failed
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\THUG2 crack.exe
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Detected with: Adware.Navexcel.A
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Disinfection failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Disinfection failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Disinfection failed
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Deleted
G:\Programmes\setup wav to mp3.exe=>wise0017=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Infected with: Trojan.er.Small.APC
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Disinfection failed
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0005
Deleted
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
Update failed
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
Detected with: Application.Adware.NewDotNet.Dropper
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)=>lzma_nsis0029
Deleted
G:\Programmes\WarezP2P (v. 2.6).exe=>(NSIS o)
Update failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Detected with: Adware.Navexcel.A
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Disinfection failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHelper.dll
Deleted
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Disinfection failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUninstaller.exe
Deleted
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Detected with: Adware.Navexcel.A
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Disinfection failed
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab=>NHUpdater.exe
Deleted
G:\Programmes\setup mp3 to wav.exe=>wise0018=>(ZIP Sfx o)=>v2.0.4a.cab
Update failed
G:\Programmes\WarezP2P (first version ed).exe=>(NSIS o)=>lzma_nsis0006
Detected with: Application.Adware.NewDotNet.Dropper
G:\Programmes\WarezP2P (first version ed).exe=>(NSIS o)=>lzma_nsis0006
Deleted
G:\Programmes\WarezP2P (first version ed).exe=>(NSIS o)
Update failed
G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
Detected with: Application.Adware.NewDotNet.Dropper
G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)=>lzma_nsis0030
Deleted
G:\Programmes\WarezP2P (v. 2.7).exe=>(NSIS o)
Update failed
Hi,
it's dirty, isn't it?!
Empty your antivirus quarantine if anything is still left in it.
Then do this:
¤ Download and install this; in the left-hand column click "erreurs", tick all the boxes, then click "chercher des erreurs" at the bottom; once it has finished, click "reparer les erreurs", and you will get a message asking you to back up your registry, answer "oui"; then start again until it finds no more errors
CCleaner:
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
¤ Relaunch CCleaner, go to the "nettoyeur" tab on the left, untick the last box (Avancé, if it is ticked), then click "lancer le nettoyage"
Then I strongly advise you to run a new scan with BitDefender ;-)
PS: sort through the files you downloaded with eMule, because you have picked up some nasty stuff.
See you ;-)
Re,
I'd like to know whether there is an alternative to BitDefender, because the Temp files it creates during the scan are far too large, so I run out of space on the hard disk where Windows is installed, which makes the computer freeze, and I have to go through a whole lot of steps to delete files so that the scan can do its job...
Hi,
No, at least I don't think so, Panda is worse :-/ try this one
http://www.sec.com/outils/antivirus.htm