Help!!! virus
Ethik (Member)
Posts: 15  Age: 38  Registered: 08/12/2008
Subject: Help!!! virus   Mon 8 Dec - 18:57:37

Hello everyone!!
So, I have a problem that is driving me crazy... of course I searched the web first, but after seeing 36,000 different things I don't understand anything anymore.. so I'm trying my luck here, really hoping that some charitable soul can save me..:s I am infected with "ppcb_32.exe"
Here is the HijackThis report:
Scan saved at 16:36:43, on 08/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\explorer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: globaladsolution - {73a05875-0698-1136-782a-3c0c953854bc} - C:\Windows\system32\nsk66CC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: globaladsolution browser enhancer - {7BB44F19-8650-8695-8B05-EE6A135E3297} - C:\Windows\system32\qbohykryjhbvcia.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [fgbptzebkdd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
-- End of file - 8602 bytes
Thanks in advance
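Added example (not part of Ethik's post, of geoffrey5's replies, or of the HijackThis tool): a small Python triage helper for logs in the format shown above. It parses the R*/O* entry lines, applies a few defender-side heuristics that I chose myself (a BHO whose DLL is missing, a DLL dropped directly into system32 under a generated-looking name, a Run value that silently re-registers a DLL with regsvr32 /s, a Run value name that looks machine-generated, a hosts entry pointing somewhere other than loopback) plus an optional watchlist of filenames the user already reported, and diffs two logs to show what a cleanup actually removed. The two sample logs are short excerpts constructed from entries quoted in this thread; the "after" excerpt is constructed to mirror the second HijackThis log posted later, where the hosts-file entry is gone. The heuristics give a human indicators to review, not verdicts.

```python
"""Triage helper for HijackThis-style logs (added example; the heuristics are the
author's own and are indicators for a reviewer, not verdicts)."""
import re

# Constructed sample: a few entry lines taken from the log quoted in the thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O2 - BHO: globaladsolution - {73a05875-0698-1136-782a-3c0c953854bc} - C:\Windows\system32\nsk66CC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: globaladsolution browser enhancer - {7BB44F19-8650-8695-8B05-EE6A135E3297} - C:\Windows\system32\qbohykryjhbvcia.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [fgbptzebkdd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
"""

# Constructed "after cleanup" sample: the same excerpt without the hosts-file
# entry, mirroring the second HijackThis log in the thread.
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if not l.startswith("O1 - "))

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
SYSTEM32_DLL = re.compile(r" - (C:\\Windows\\system32\\[a-z0-9]+\.dll)", re.I)
RUN_NAME = re.compile(r"\\Run: \[(?P<name>[^\]]+)\]")
HOSTS = re.compile(r"Hosts: (?P<addr>\S+) (?P<host>\S+)")


def parse_hjt(text):
    """Return (kind, body) tuples for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def random_looking(name):
    """True for long, all-lowercase names with almost no vowels (e.g. fgbptzebkdd)."""
    if not re.fullmatch(r"[a-z]{10,}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.3


def reasons_for(kind, body, watch=()):
    """Apply the triage heuristics to one entry; return the list of reasons it tripped."""
    reasons = []
    if kind == "O1":
        m = HOSTS.search(body)
        if m and m.group("addr") not in ("127.0.0.1", "::1"):
            reasons.append(f"hosts file redirects {m.group('host')} to {m.group('addr')}")
    if kind == "O2":
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("BHO registered but its DLL is missing (orphaned or half-removed add-on)")
        if SYSTEM32_DLL.search(body):
            reasons.append("BHO DLL sits directly in system32 under a generated-looking name")
    if kind == "O4":
        if re.search(r"regsvr32(\.exe)?\s+/s\b", body, re.I):
            reasons.append("Run entry silently re-registers a DLL at every logon (regsvr32 /s)")
        m = RUN_NAME.search(body)
        if m and random_looking(m.group("name")):
            reasons.append(f"Run value name '{m.group('name')}' looks machine-generated")
    if any(w.lower() in body.lower() for w in watch):
        reasons.append("mentions a file the user already reported as the infection")
    return reasons


def triage(text, watch=()):
    """Return {entry_line: [reasons]} for every entry that trips at least one heuristic."""
    flagged = {}
    for kind, body in parse_hjt(text):
        r = reasons_for(kind, body, watch)
        if r:
            flagged[f"{kind} - {body}"] = r
    return flagged


def removed_entries(before, after):
    """Entries present in the first log but absent from the second (what the cleanup removed)."""
    after_set = {f"{k} - {b}" for k, b in parse_hjt(after)}
    return [f"{k} - {b}" for k, b in parse_hjt(before) if f"{k} - {b}" not in after_set]


if __name__ == "__main__":
    for line, why in triage(LOG_BEFORE, watch=("ppcb_32.exe",)).items():
        print(line)
        for w in why:
            print("   ->", w)
    print("Removed by cleanup:", removed_entries(LOG_BEFORE, LOG_AFTER))
```

Run against the constructed excerpt, the script flags the two globaladsolution BHOs, the fgbptzebkdd Run entry (two reasons) and the ppcb_32 startup shortcut, leaves the Java BHO and the Synaptics entry alone, and reports the hosts entry as the one line the cleanup removed. The same functions take a full pasted log as input.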
geoffrey5 (Admin)
Posts: 1849  Age: 43  Location: Liège - Belgium  Operating system *: XP IBM, Intel Celeron 2.4GHz processor, 1.5GB RAM  Registered: 28/07/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 19:06:21

Hello, and start by doing this please:
- Under VISTA: disable User Account Control (you will re-enable it after the disinfection)
- Download and save LopSD to your desktop
(it is number 4 at the bottom of the page):
- Double-click Lop S&D
- Go through the installation
- Close all applications
- Launch it by double-clicking the shortcut on the desktop
* With VISTA => right-click => Run as administrator
- Type F for French, then press Enter
- Type 1
- Press Enter
- The PC will restart
* Note: if the antivirus reports an infection in TEMP, ignore it
- Wait for the report to appear
- Copy the report and paste it in your reply
* the report is also at C:\lopR
Ethik (Member)
Posts: 15  Age: 38  Registered: 08/12/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 23:00:32

Here is the report:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Rev 1.0
USER : Ethik ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:68 Go (Free:48 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [1] ( 08/12/2008|20:55 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[12/08/2008|02:08] C:\Users\Ethik\AppData\Local\Adobe
[05/10/2008|14:36] C:\Users\Ethik\AppData\Local\Ahead
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Application Data
[10/09/2008|13:08] C:\Users\Ethik\AppData\Local\d3d9caps.dat
[29/11/2008|13:45] C:\Users\Ethik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/11/2008|17:50] C:\Users\Ethik\AppData\Local\GDIPFONTCACHEV1.DAT
[27/10/2008|18:34] C:\Users\Ethik\AppData\Local\Google
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Historique
[08/12/2008|20:49] C:\Users\Ethik\AppData\Local\IconCache.db
[16/09/2008|16:35] C:\Users\Ethik\AppData\Local\Installer304
[20/08/2008|15:27] C:\Users\Ethik\AppData\Local\Installer5216
[12/09/2008|01:07] C:\Users\Ethik\AppData\Local\Microsoft
[02/11/2008|18:50] C:\Users\Ethik\AppData\Local\Microsoft Games
[01/09/2008|22:43] C:\Users\Ethik\AppData\Local\Mozilla
[08/12/2008|20:55] C:\Users\Ethik\AppData\Local\Temp
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Temporary Internet Files
[23/08/2008|23:24] C:\Users\Ethik\AppData\Local\VirtualStore
[25/09/2008|12:49] C:\Users\Ethik\AppData\Local\Xara
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[08/12/2008 20:51][--ah-----] C:\Windows\tasks\SA.DAT
[08/12/2008 20:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[12/08/2008|02:07] C:\ProgramData\Adobe
[11/08/2008|13:06] C:\ProgramData\Adobe Systems
[02/11/2006|14:02] C:\ProgramData\Application Data
[10/08/2008|22:00] C:\ProgramData\Avira
[05/11/2008|21:33] C:\ProgramData\BOONTY
[10/08/2008|12:52] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[18/08/2008|22:53] C:\ProgramData\EmailNotifier
[15/08/2008|20:07] C:\ProgramData\Ensurebit
[09/10/2008|16:38] C:\ProgramData\ezsidmv.dat
[10/08/2008|12:52] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[11/08/2008|01:54] C:\ProgramData\FLEXnet
[21/08/2008|23:55] C:\ProgramData\Google
[10/08/2008|14:29] C:\ProgramData\Intel
[18/08/2008|22:53] C:\ProgramData\Megaupload
[10/08/2008|12:52] C:\ProgramData\Menu Démarrer
[15/08/2008|20:56] C:\ProgramData\Messenger Plus!
[20/08/2008|15:08] C:\ProgramData\Microsoft
[10/08/2008|12:52] C:\ProgramData\Modèles
[05/10/2008|14:17] C:\ProgramData\Nero
[11/08/2008|15:18] C:\ProgramData\NOS
[20/08/2008|02:42] C:\ProgramData\ntuser.pol
[21/08/2008|23:24] C:\ProgramData\rkfree
[10/08/2008|14:29] C:\ProgramData\Roaming
[09/10/2008|16:35] C:\ProgramData\Skype
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[18/11/2008|00:14] C:\ProgramData\uPlayMe
[10/08/2008|21:57] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[11/08/2008|15:47] C:\Program Files\Adobe
[10/08/2008|22:00] C:\Program Files\Avira
[11/08/2008|15:46] C:\Program Files\Bonjour
[10/08/2008|14:20] C:\Program Files\Broadcom
[19/08/2008|19:44] C:\Program Files\CFWebAdvancedU
[05/11/2008|21:33] C:\Program Files\Common Files
[08/10/2008|01:15] C:\Program Files\DAEMON Tools Lite
[10/08/2008|14:38] C:\Program Files\DIFX
[30/10/2008|15:23] C:\Program Files\DivX
[10/08/2008|14:39] C:\Program Files\EQI
[10/08/2008|12:52] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[09/10/2008|16:31] C:\Program Files\FrostWire
[25/09/2008|23:31] C:\Program Files\Games
[27/10/2008|18:33] C:\Program Files\Google
[25/09/2008|12:48] C:\Program Files\InstallShield Installation Information
[10/08/2008|14:48] C:\Program Files\Intel
[01/10/2008|20:04] C:\Program Files\Internet Explorer
[10/08/2008|23:13] C:\Program Files\Java
[21/11/2008|17:44] C:\Program Files\Lenovo
[08/12/2008|20:52] C:\Program Files\ManyCam 2.3
[01/09/2008|02:17] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[10/08/2008|14:18] C:\Program Files\Motorola
[01/10/2008|20:04] C:\Program Files\Movie Maker
[08/12/2008|20:52] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[07/10/2008|02:00] C:\Program Files\MSXML 4.0
[05/10/2008|14:17] C:\Program Files\Nero
[05/10/2008|13:04] C:\Program Files\NeroInstall.bak
[11/08/2008|15:18] C:\Program Files\NOS
[20/11/2008|18:45] C:\Program Files\OpenOffice.org 3
[08/12/2008|16:29] C:\Program Files\ppcbooster
[13/08/2008|01:38] C:\Program Files\QuickTime
[11/08/2008|22:14] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[09/10/2008|16:35] C:\Program Files\Skype
[10/08/2008|13:00] C:\Program Files\Suyin
[10/08/2008|14:23] C:\Program Files\Synaptics
[08/12/2008|16:35] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[05/12/2008|02:02] C:\Program Files\Veoh Networks
[11/08/2008|15:22] C:\Program Files\VideoLAN
[01/10/2008|20:04] C:\Program Files\Windows Calendar
[01/10/2008|20:04] C:\Program Files\Windows Collaboration
[01/10/2008|20:04] C:\Program Files\Windows Defender
[01/10/2008|20:04] C:\Program Files\Windows Journal
[27/10/2008|03:38] C:\Program Files\Windows Live
[16/10/2008|02:09] C:\Program Files\Windows Mail
[01/10/2008|20:04] C:\Program Files\Windows Media Player
[10/08/2008|12:52] C:\Program Files\Windows NT
[01/10/2008|20:04] C:\Program Files\Windows Photo Gallery
[01/10/2008|20:04] C:\Program Files\Windows Sidebar
[11/08/2008|01:54] C:\Program Files\WinRAR
[08/10/2008|01:19] C:\Program Files\WinZip
[25/09/2008|12:47] C:\Program Files\Xara
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[11/08/2008|15:45] C:\Program Files\Common Files\Adobe
[11/08/2008|13:04] C:\Program Files\Common Files\Adobe Systems Shared
[05/11/2008|21:33] C:\Program Files\Common Files\BOONTY Shared
[10/08/2008|12:57] C:\Program Files\Common Files\InstallShield
[10/08/2008|23:12] C:\Program Files\Common Files\Java
[11/08/2008|15:34] C:\Program Files\Common Files\Macrovision Shared
[10/08/2008|22:02] C:\Program Files\Common Files\microsoft shared
[05/10/2008|14:20] C:\Program Files\Common Files\Nero
[11/08/2008|22:03] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[09/10/2008|16:35] C:\Program Files\Common Files\Skype
[10/08/2008|14:37] C:\Program Files\Common Files\snp2uvc
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[01/10/2008|20:04] C:\Program Files\Common Files\System
[10/08/2008|22:02] C:\Program Files\Common Files\WindowsLiveInstaller
[25/09/2008|12:48] C:\Program Files\Common Files\Xara
--------------------\\ Process
( 58 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\Ethik\AppData\Local\Temp\msgpl_8704.tmp
C:\Users\Ethik\AppData\Local\Temp\nsk796F.tmp
C:\Users\Ethik\AppData\Local\Temp\nslAD41.tmp
C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@partypoker[1].txt
C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@888[2].txt
--------------------\\ Verification du Registre ..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 20:55:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1121
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Ethik\AppData\Local\Temp\install\crack
C:\Users\Ethik\AppData\Local\Temp\install\MS Office 2007 Keygen.nfo
C:\Users\Ethik\AppData\Local\Temp\install\crack\crack.exe
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\MS Office 2007 Keygen.lnk
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\ms office keygen.lnk
[F:8082][D:524]-> C:\Users\Ethik\AppData\Local\Temp
[F:172][D:1]-> C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1192][D:5]-> C:\Users\Ethik\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 08/12/2008|20:58 - Option : [1]
--------------------\\ Fin du rapport a 20:58:24 [ UAC => 1 ]
geoffrey5 (Admin)
Posts: 1849  Age: 43  Location: Liège - Belgium  Operating system *: XP IBM, Intel Celeron 2.4GHz processor, 1.5GB RAM  Registered: 28/07/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 23:03:49

I strongly advise you to go and delete these cracks, shown in bold, by following their paths:
C:\Users\Ethik\AppData\Local\Temp\install\crack
C:\Users\Ethik\AppData\Local\Temp\install\MS Office 2007 Keygen.nfo
C:\Users\Ethik\AppData\Local\Temp\install\crack\crack.exe
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\MS Office 2007 Keygen.lnk
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\ms office keygen.lnk
then:
- Run Lop S&D again
- This time choose option 2 (Removal)
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt)
* (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
Ethik (Member)
Posts: 15  Age: 38  Registered: 08/12/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 23:06:11

geoffrey5 wrote:
> I strongly advise you to go and delete these cracks, shown in bold, by following their paths:
> C:\Users\Ethik\AppData\Local\Temp\install\crack
> C:\Users\Ethik\AppData\Local\Temp\install\MS Office 2007 Keygen.nfo
> C:\Users\Ethik\AppData\Local\Temp\install\crack\crack.exe
> C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\MS Office 2007 Keygen.lnk
> C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\ms office keygen.lnk

I can't find the "AppData" folder
geoffrey5 (Admin)
Posts: 1849  Age: 43  Location: Liège - Belgium  Operating system *: XP IBM, Intel Celeron 2.4GHz processor, 1.5GB RAM  Registered: 28/07/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 23:14:59

You need to show hidden files and folders:
- open your Documents
- click Organize
- Folder and search options
- View tab
- tick the box "Show hidden files and folders"
- click "Apply to all folders"
- answer "yes" to the question asked, then click OK
Ethik (Member)
Posts: 15  Age: 38  Registered: 08/12/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 23:21:35

So here is the Lop SD report after deleting the files mentioned above..:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Rev 1.0
USER : Ethik ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:68 Go (Free:48 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [2] ( 08/12/2008|21:17 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Users\Ethik\AppData\Local\Temp\msgpl_8704.tmp
Supprime! - C:\Users\Ethik\AppData\Local\Temp\nsk796F.tmp
Supprime! - C:\Users\Ethik\AppData\Local\Temp\nslAD41.tmp
Supprime! - C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@partypoker[1].txt
Supprime! - C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@888[2].txt
- [ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[12/08/2008|02:08] C:\Users\Ethik\AppData\Local\Adobe
[05/10/2008|14:36] C:\Users\Ethik\AppData\Local\Ahead
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Application Data
[10/09/2008|13:08] C:\Users\Ethik\AppData\Local\d3d9caps.dat
[29/11/2008|13:45] C:\Users\Ethik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/11/2008|17:50] C:\Users\Ethik\AppData\Local\GDIPFONTCACHEV1.DAT
[27/10/2008|18:34] C:\Users\Ethik\AppData\Local\Google
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Historique
[08/12/2008|20:49] C:\Users\Ethik\AppData\Local\IconCache.db
[16/09/2008|16:35] C:\Users\Ethik\AppData\Local\Installer304
[20/08/2008|15:27] C:\Users\Ethik\AppData\Local\Installer5216
[12/09/2008|01:07] C:\Users\Ethik\AppData\Local\Microsoft
[02/11/2008|18:50] C:\Users\Ethik\AppData\Local\Microsoft Games
[01/09/2008|22:43] C:\Users\Ethik\AppData\Local\Mozilla
[08/12/2008|21:17] C:\Users\Ethik\AppData\Local\Temp
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Temporary Internet Files
[23/08/2008|23:24] C:\Users\Ethik\AppData\Local\VirtualStore
[25/09/2008|12:49] C:\Users\Ethik\AppData\Local\Xara
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[08/12/2008 20:51][--ah-----] C:\Windows\tasks\SA.DAT
[08/12/2008 20:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[12/08/2008|02:07] C:\ProgramData\Adobe
[11/08/2008|13:06] C:\ProgramData\Adobe Systems
[02/11/2006|14:02] C:\ProgramData\Application Data
[10/08/2008|22:00] C:\ProgramData\Avira
[05/11/2008|21:33] C:\ProgramData\BOONTY
[10/08/2008|12:52] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[18/08/2008|22:53] C:\ProgramData\EmailNotifier
[15/08/2008|20:07] C:\ProgramData\Ensurebit
[09/10/2008|16:38] C:\ProgramData\ezsidmv.dat
[10/08/2008|12:52] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[11/08/2008|01:54] C:\ProgramData\FLEXnet
[21/08/2008|23:55] C:\ProgramData\Google
[10/08/2008|14:29] C:\ProgramData\Intel
[18/08/2008|22:53] C:\ProgramData\Megaupload
[10/08/2008|12:52] C:\ProgramData\Menu Démarrer
[15/08/2008|20:56] C:\ProgramData\Messenger Plus!
[20/08/2008|15:08] C:\ProgramData\Microsoft
[10/08/2008|12:52] C:\ProgramData\Modèles
[05/10/2008|14:17] C:\ProgramData\Nero
[11/08/2008|15:18] C:\ProgramData\NOS
[20/08/2008|02:42] C:\ProgramData\ntuser.pol
[21/08/2008|23:24] C:\ProgramData\rkfree
[10/08/2008|14:29] C:\ProgramData\Roaming
[09/10/2008|16:35] C:\ProgramData\Skype
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[18/11/2008|00:14] C:\ProgramData\uPlayMe
[10/08/2008|21:57] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[11/08/2008|15:47] C:\Program Files\Adobe
[10/08/2008|22:00] C:\Program Files\Avira
[11/08/2008|15:46] C:\Program Files\Bonjour
[10/08/2008|14:20] C:\Program Files\Broadcom
[19/08/2008|19:44] C:\Program Files\CFWebAdvancedU
[05/11/2008|21:33] C:\Program Files\Common Files
[08/10/2008|01:15] C:\Program Files\DAEMON Tools Lite
[10/08/2008|14:38] C:\Program Files\DIFX
[30/10/2008|15:23] C:\Program Files\DivX
[10/08/2008|14:39] C:\Program Files\EQI
[10/08/2008|12:52] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[09/10/2008|16:31] C:\Program Files\FrostWire
[25/09/2008|23:31] C:\Program Files\Games
[27/10/2008|18:33] C:\Program Files\Google
[25/09/2008|12:48] C:\Program Files\InstallShield Installation Information
[10/08/2008|14:48] C:\Program Files\Intel
[01/10/2008|20:04] C:\Program Files\Internet Explorer
[10/08/2008|23:13] C:\Program Files\Java
[21/11/2008|17:44] C:\Program Files\Lenovo
[08/12/2008|20:52] C:\Program Files\ManyCam 2.3
[01/09/2008|02:17] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[10/08/2008|14:18] C:\Program Files\Motorola
[01/10/2008|20:04] C:\Program Files\Movie Maker
[08/12/2008|21:08] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[07/10/2008|02:00] C:\Program Files\MSXML 4.0
[05/10/2008|14:17] C:\Program Files\Nero
[05/10/2008|13:04] C:\Program Files\NeroInstall.bak
[11/08/2008|15:18] C:\Program Files\NOS
[20/11/2008|18:45] C:\Program Files\OpenOffice.org 3
[08/12/2008|16:29] C:\Program Files\ppcbooster
[13/08/2008|01:38] C:\Program Files\QuickTime
[11/08/2008|22:14] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[09/10/2008|16:35] C:\Program Files\Skype
[10/08/2008|13:00] C:\Program Files\Suyin
[10/08/2008|14:23] C:\Program Files\Synaptics
[08/12/2008|16:35] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[05/12/2008|02:02] C:\Program Files\Veoh Networks
[11/08/2008|15:22] C:\Program Files\VideoLAN
[01/10/2008|20:04] C:\Program Files\Windows Calendar
[01/10/2008|20:04] C:\Program Files\Windows Collaboration
[01/10/2008|20:04] C:\Program Files\Windows Defender
[01/10/2008|20:04] C:\Program Files\Windows Journal
[27/10/2008|03:38] C:\Program Files\Windows Live
[16/10/2008|02:09] C:\Program Files\Windows Mail
[01/10/2008|20:04] C:\Program Files\Windows Media Player
[10/08/2008|12:52] C:\Program Files\Windows NT
[01/10/2008|20:04] C:\Program Files\Windows Photo Gallery
[01/10/2008|20:04] C:\Program Files\Windows Sidebar
[11/08/2008|01:54] C:\Program Files\WinRAR
[08/10/2008|01:19] C:\Program Files\WinZip
[25/09/2008|12:47] C:\Program Files\Xara
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[11/08/2008|15:45] C:\Program Files\Common Files\Adobe
[11/08/2008|13:04] C:\Program Files\Common Files\Adobe Systems Shared
[05/11/2008|21:33] C:\Program Files\Common Files\BOONTY Shared
[10/08/2008|12:57] C:\Program Files\Common Files\InstallShield
[10/08/2008|23:12] C:\Program Files\Common Files\Java
[11/08/2008|15:34] C:\Program Files\Common Files\Macrovision Shared
[10/08/2008|22:02] C:\Program Files\Common Files\microsoft shared
[05/10/2008|14:20] C:\Program Files\Common Files\Nero
[11/08/2008|22:03] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[09/10/2008|16:35] C:\Program Files\Common Files\Skype
[10/08/2008|14:37] C:\Program Files\Common Files\snp2uvc
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[01/10/2008|20:04] C:\Program Files\Common Files\System
[10/08/2008|22:02] C:\Program Files\Common Files\WindowsLiveInstaller
[25/09/2008|12:48] C:\Program Files\Common Files\Xara
--------------------\\ Process
( 60 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre ..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 21:17:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1121
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:8067][D:520]-> C:\Users\Ethik\AppData\Local\Temp
[F:170][D:1]-> C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1198][D:5]-> C:\Users\Ethik\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 08/12/2008|20:58 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 08/12/2008|21:20 - Option : [2]
--------------------\\ Fin du rapport a 21:20:23 [ UAC => 1 ]
geoffrey5 (Admin)
Posts: 1849  Age: 43  Location: Liège - Belgium  Operating system *: XP IBM, Intel Celeron 2.4GHz processor, 1.5GB RAM  Registered: 28/07/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 23:32:22

Ok... Please do a new HijackThis report
Ethik (Member)
Posts: 15  Age: 38  Registered: 08/12/2008
Subject: Re: Help!!! virus   Mon 8 Dec - 23:38:40

Here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:57, on 08/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: globaladsolution - {73a05875-0698-1136-782a-3c0c953854bc} - C:\Windows\system32\nsk66CC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: globaladsolution browser enhancer - {7BB44F19-8650-8695-8B05-EE6A135E3297} - C:\Windows\system32\qbohykryjhbvcia.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [fgbptzebkdd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc.
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
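The HijackThis log above is what the helpers in this thread read by eye: orphaned BHO registrations ("file missing" / "no file"), a Run value that silently re-registers a DLL with regsvr32 /s, a changed HKLM start page, and startup shortcuts that point at adware. The following Python script is an added triage example, not part of the thread and not a feature of HijackThis; its sample lines are copied from the log above, while the expected-start-page allowlist and the family watchlist (the names geoffrey5 goes on to remove) are constructed assumptions for the example.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: globaladsolution - {73a05875-0698-1136-782a-3c0c953854bc} - C:\Windows\system32\nsk66CC.dll
O2 - BHO: globaladsolution browser enhancer - {7BB44F19-8650-8695-8B05-EE6A135E3297} - C:\Windows\system32\qbohykryjhbvcia.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [fgbptzebkdd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: NewShortcut2.lnk = ?
"""


@dataclass(frozen=True)
class Entry:
    code: str  # HijackThis section, e.g. "O2" (BHO) or "O4" (autostart)
    body: str  # everything after the "Oxx - " prefix


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reason: str


ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
REGSVR_RE = re.compile(r"\bregsvr32(?:\.exe)?\s+/s\b", re.IGNORECASE)
START_PAGE_RE = re.compile(r"Main,Start Page = (?P<url>\S+)")

# Assumption for the example: the start page the owner actually chose.
EXPECTED_START_PAGES = {"http://www.google.fr/"}
# Assumption for the example: adware families named later in this thread.
WATCHLIST = ("eorezo", "globaladsolution", "ppcb", "sweetim", "boonty")


def parse_hijackthis(text: str) -> list[Entry]:
    """Return one Entry per HijackThis item line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the same checks a helper applies by eye; one entry may yield several findings."""
    findings = []
    for e in entries:
        if MISSING_RE.search(e.body):
            findings.append(Finding(e, "registration points at a file that no longer exists"))
        if e.code == "O4" and REGSVR_RE.search(e.body):
            findings.append(Finding(e, "autostart silently re-registers a DLL with regsvr32 /s"))
        m = START_PAGE_RE.search(e.body)
        if m and m.group("url") not in EXPECTED_START_PAGES:
            findings.append(Finding(e, f"start page changed to {m.group('url')}"))
        if e.code == "O4" and e.body.rstrip().endswith("= ?"):
            findings.append(Finding(e, "startup shortcut whose target cannot be resolved"))
        hit = next((n for n in WATCHLIST if n in e.body.lower()), None)
        if hit:
            findings.append(Finding(e, f"mentions watchlist family '{hit}'"))
    return findings


def flagged(text: str) -> dict[str, list[str]]:
    """Map each suspicious log line to the list of reasons it was flagged."""
    report: dict[str, list[str]] = {}
    for f in triage(parse_hijackthis(text)):
        line = f"{f.entry.code} - {f.entry.body}"
        report.setdefault(line, []).append(f.reason)
    return report


if __name__ == "__main__":
    for line, reasons in flagged(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

On the sample, the Synaptics and Adobe entries pass untouched while the EoRezo, globaladsolution, regsvr32 and ppcb_32 lines are flagged, which is the same set geoffrey5 targets with AD-Remover below; the watchlist is deliberately a plain substring match, so a real deployment would feed it from an up-to-date family list rather than from one thread.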
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgique Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help!!! virus Mon 8 Dec - 23:43:37

==> Disable User Account Control (you will re-enable it after the disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.
- Download and save the installer to your desktop:
https://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
- Double-click the installer and install it in its default location (the desktop).
- Open the Ad-remover folder on your desktop and double-click Ad-remover.bat.
- At the main menu, choose option "A"
- Post the report that appears at the end.
(the report is also saved as C:\Ad-report.log) (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help!!! virus Mon 8 Dec - 23:47:58

Here is the report
--------- Logfile of AD-Remover 1.0.6.5 by C_XX ---------

# START at: 21:46:36 | Mon 08/12/2008
ON Microsoft® Windows Vista ™ v6.0.6001
# BOOT MODE: Normal (!) - /!\ UAC is enable /!\
# OPTION: Scan
# EXECUTED FROM: C:\Users\Ethik\Desktop\AD-Remover.bat
# PC: PC-DE-ETHIK | USER: Ethik ( Current user is an administrator )
# DRIVE(S): C:\ D:\ E:\ F:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.6001.18000

--------- [ RUNNING PROCESSES: 55 ] ---------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\TPHDEXLG.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\ntvdm.exe

-----------------------------------

+-----------------------| Boonty/Boonty Games Elements found..

Found ! - "Boonty Games" (service)
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[05/11/2008 21:33|d--------] C:\Program Files\Common Files\BOONTY Shared
[05/11/2008 21:33|d--------] C:\ProgramData\BOONTY
[05/11/2008 21:33|d--------] C:\ProgramData\BOONTY

+-----------------------| Eorezo Elements found..

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[11/08/2008 15:18|d--------] C:\Users\Ethik\AppData\Roaming\EoRezo

+-----------------------| Everest Poker Elements found..

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found..

.

+-----------------------| Messenger Skinner Elements found..

.

+-----------------------| Sweetim Elements found..

"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:40|d--------] C:\Users\Ethik\AppData\Roaming\Mozilla\Firefox\Profiles\4bcztihi.default\SweetIMToolbarData

+-----------------------| ADDED SCAN ..

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\4bcztihi.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.4 ~~~~

+----------+

FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{25D74F10-9615-11DD-B376-001C26E551FD}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.6");

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Veoh REG_SZ "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(par défaut) REG_SZ
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ManyCam REG_SZ "C:\Program Files\ManyCam 2.3\ManyCam.exe"
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

+--[HKEY_LOCAL_MACHINE\..\Run]

Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
TpShocks REG_SZ C:\WINDOWS\system32\TpShocks.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
fgbptzebkdd REG_SZ C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"

+--[HKEY_USERS\.DEFAULT\..\Run]

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.google.fr/

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://eo.st

+---------------------------------------------------------------------------+

- "C:\AD-report-08.12.2008.log" (8120 octets)

[ END at: 21:46:43 | 08/12/2008 ] - [ Time elapsed: 7.3 seconds ]

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 169 lines ]
+---------------------------------------------------------------------------+
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgique Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help!!! virus Mon 8 Dec - 23:56:18

OK, now do this please: ! Disconnect and close all running applications !
- Relaunch "Ad-remover": at the main menu, choose option "B".
- On the selection screen, tick:
Remove Boonty/BoontyGames
Remove Eorezo
Remove Sweetim
- Then choose "S"; the program will do its work,
- Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log) (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm)
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help!!! virus Tue 9 Dec - 0:10:44

Here it is
*** Limited to ***
Boonty/BoontyGames
Eorezo
Sweetim
******************

# START at: 22:01:44 | Mon 08/12/2008
ON Microsoft® Windows Vista ™ v6.0.6001
# BOOT MODE: Normal (!) - /!\ UAC is enable /!\
# OPTION: Scan
# EXECUTED FROM: C:\Users\Ethik\Desktop\AD-Remover.bat
# PC: PC-DE-ETHIK | USER: Ethik ( Current user is an administrator )
# DRIVE(S): C:\ D:\ E:\ F:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.6001.18000

--------- [ RUNNING PROCESSES: 53 ] ---------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\TPHDEXLG.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Boonty/Boonty Games Elements Deleted..

"HKEY_CURRENT_USER\SOFTWARE\Boonty"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\Software\Boonty"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[05/11/2008 21:33|d--------] C:\Program Files\Common Files\BOONTY Shared
[05/11/2008 21:33|d--------] C:\ProgramData\BOONTY

+-----------------------| Eorezo Elements Deleted..

/!\ NOT DELETED -"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[11/08/2008 15:18|d--------] C:\Users\Ethik\AppData\Roaming\EoRezo

+-----------------------| Sweetim Elements Deleted..

"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:40|d--------] C:\Users\Ethik\AppData\Roaming\Mozilla\Firefox\Profiles\4bcztihi.default\SweetIMToolbarData

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

************* /!\ Registry Element(s) Not Deleted /!\ *************

"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"

Second run ...

""HKEY_LOCAL_MACHINE\Software\Boonty"" - RESIST !
""HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"" - DELETED !
""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"" - DELETED !
""HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"" - DELETED !
""HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"" - RESIST !
""HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"" - RESIST !
""HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"" - RESIST !
""HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"" - RESIST !
""HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"" - RESIST !
""HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"" - RESIST !
""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"" - DELETED !
""HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"" - RESIST !

+---------------------------------------------------------------------------+
+------------------------------- ADDED SCAN ..
+---------------------------------------------------------------------------+

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\4bcztihi.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.4 ~~~~

+----------+

REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{25D74F10-9615-11DD-B376-001C26E551FD}");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.6");

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Veoh REG_SZ "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(par défaut) REG_SZ
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ManyCam REG_SZ "C:\Program Files\ManyCam 2.3\ManyCam.exe"
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

+--[HKEY_LOCAL_MACHINE\..\Run]

Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
TpShocks REG_SZ C:\WINDOWS\system32\TpShocks.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
fgbptzebkdd REG_SZ C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"

+--[HKEY_USERS\.DEFAULT\..\Run]

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-08.12.2008.log" (10119 octets)

[ END at: 22:09:11 | 08/12/2008 ] - [ Time elapsed: 7 minutes, 27 seconds ]

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 199 lines ]
+---------------------------------------------------------------------------+
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgique Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help!!! virus Tue 9 Dec - 0:14:00

The removal did not complete properly. I think you did not disable User Account Control as I asked you to... You need to go and disable User Account Control and redo the removal with option B
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help!!! virus Tue 9 Dec - 0:20:08

Sorry, I had forgotten that detail.. Here is the new report, UAC disabled
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help!!! virus Tue 9 Dec - 0:20:19
--------- Logfile of AD-Remover 1.0.6.5 by C_XX ---------

*** Limited to ***
Boonty/BoontyGames
Eorezo
Sweetim
******************

# START at: 22:17:02 | Mon 08/12/2008
ON Microsoft® Windows Vista ™ v6.0.6001
# BOOT MODE: Normal (!) - UAC is disable
# OPTION: Scan
# EXECUTED FROM: C:\Users\Ethik\Desktop\AD-Remover.bat
# PC: PC-DE-ETHIK | USER: Ethik ( Current user is an administrator )
# DRIVE(S): C:\ D:\ E:\ F:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.6001.18000

--------- [ RUNNING PROCESSES: 55 ] ---------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\wbem\wmiprvse.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Boonty/Boonty Games Elements Deleted..

"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.

+-----------------------| Eorezo Elements Deleted..

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.

+-----------------------| Sweetim Elements Deleted..

"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+---------------------------------------------------------------------------+
+------------------------------- ADDED SCAN ..
+---------------------------------------------------------------------------+

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\4bcztihi.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.4 ~~~~

+----------+

+--[HKEY_CURRENT_USER\..\Run]

Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Veoh REG_SZ "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(par défaut) REG_SZ
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ManyCam REG_SZ "C:\Program Files\ManyCam 2.3\ManyCam.exe"
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

+--[HKEY_LOCAL_MACHINE\..\Run]

Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
TpShocks REG_SZ C:\WINDOWS\system32\TpShocks.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
fgbptzebkdd REG_SZ C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"

+--[HKEY_USERS\.DEFAULT\..\Run]

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-08.12.2008.log" (6004 octets)

[ END at: 22:17:50 | 08/12/2008 ] - [ Time elapsed: 47.8 seconds ]

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 149 lines ]
+---------------------------------------------------------------------------+
|
| |
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgium Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help !!! virus Tue 9 Dec - 0:35:38
Very good... Now do this please:
- Download Malwarebytes
- You will have a tutorial available to install and use it correctly.
- Update the software (this is normally done during installation)
- Run a full scan by clicking on "Perform full scan"
- Select the drives you want to scan and click "Scan"
- The scan can take quite a while.....
- Once the scan is finished, click "OK" then "Show Results"
- Check that everything is ticked and click "Remove Selected" => and then "OK"
- A report will open in Notepad... Copy and paste the report in your next reply on the forum
* Some files may need to be deleted when the PC restarts... Do so by clicking "yes" when asked.
And then do a new HijackThis report please
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help !!! virus Tue 9 Dec - 2:20:41
malware report

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1475
Windows 6.0.6001 Service Pack 1

09/12/2008 00:14:59
mbam-log-2008-12-09 (00-14-59).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 148649
Temps écoulé: 1 hour(s), 28 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\components\nsglobaladsolution.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73a05875-0698-1136-782a-3c0c953854bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73a05875-0698-1136-782a-3c0c953854bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bb44f19-8650-8695-8b05-ee6a135e3297} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bb44f19-8650-8695-8b05-ee6a135e3297} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fgbptzebkdd (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\nohh06760.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\regsvr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\cont_globaladsolution-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsglobaladsolution.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\nsk66CC.dll (Adware.BHO) -> Quarantined and deleted successfully.
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help !!! virus Tue 9 Dec - 2:21:32
HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:04, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

-- End of file - 7535 bytes
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgium Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help !!! virus Tue 9 Dec - 2:29:11
Restart the computer in safe mode. How to restart in safe mode ??
And go delete it by following this path: (delete the folder)
C:\Program Files\ppcbooster\ppcb_32.exe
then do a new HijackThis report please
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgium Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help !!! virus Tue 9 Dec - 2:30:43
empty your recycle bin before redoing the HijackThis report
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help !!! virus Tue 9 Dec - 2:39:26
here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:39:01, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

-- End of file - 7729 bytes
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgium Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help !!! virus Tue 9 Dec - 4:35:23
Did you delete the folder and empty your recycle bin before redoing a HijackThis report ??
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help !!! virus Tue 9 Dec - 5:54:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:47, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

-- End of file - 7631 bytes
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgium Operating system *: XP IBM Intel Celeron 2.4GHz processor 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help !!! virus Tue 9 Dec - 16:55:59
Hi
- In the taskbar, click Start then Run.
- Type Msconfig then click OK
- Click the "Startup" tab
- Untick the ppcb_32 box
- And then click Apply ==> OK
Then restart the PC and do a new HijackThis report please
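The check the helper does by hand in this thread (compare the O4 autostart lines of the report before and after the cleanup, and look at what each entry really launches) can be scripted. This is an added example, not code from the forum, from HijackThis or from any tool named in the thread; the function names are its own, and the two sample logs are constructed excerpts built from O4 lines quoted in the thread.

```python
"""Parse the O4 (autostart) lines of a HijackThis 2.x report and diff two reports.

Added example for this thread; not HijackThis code. Sample logs below are
constructed excerpts assembled from entries quoted in the thread.
"""
import ntpath  # basename() that understands backslashes on any OS
import re
from dataclasses import dataclass

# The two O4 shapes HijackThis prints:
#   O4 - HKCU\..\Run: [ValueName] "C:\path\prog.exe" /arg
#   O4 - Startup: name.lnk = C:\path\prog.exe
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# First executable-looking token of a command line, quoted or not.
PROGRAM_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|bat|cmd))"?(?:\s|$)', re.IGNORECASE)
# A .dll mentioned on a launcher's command line, quoted or not.
MODULE_RE = re.compile(r'"?([^"]*\.dll)"?', re.IGNORECASE)
# Trusted Windows binaries whose real payload is the module they are told to load.
LAUNCHERS = ("regsvr32.exe", "rundll32.exe")


def split_command(cmd):
    """Return (program, arguments); program is None when HijackThis printed '?'."""
    cmd = cmd.strip()
    m = PROGRAM_RE.match(cmd)
    if not m:
        return None, cmd
    return m["path"], cmd[m.end():].strip()


@dataclass(frozen=True)
class Autostart:
    location: str  # e.g. 'HKLM\\..\\Run', 'Startup', 'Global Startup'
    name: str      # registry value name or .lnk file name
    command: str   # command line exactly as the report printed it

    def program(self):
        """Executable actually started, without quotes or arguments."""
        return split_command(self.command)[0]

    def launched_module(self):
        """For regsvr32/rundll32 entries, the DLL they load; otherwise None."""
        prog, args = split_command(self.command)
        if prog is None or ntpath.basename(prog).lower() not in LAUNCHERS:
            return None
        m = MODULE_RE.search(args)
        return m.group(1) if m else None


def parse_o4(log_text):
    """All O4 entries of a report, in order; other line types are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Autostart(m["hive"] + r"\..\Run", m["name"], m["cmd"]))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Autostart(m["folder"], m["name"], m["cmd"]))
    return entries


def diff_autostarts(before_log, after_log):
    """(removed, added) autostart entries between two reports of the same machine."""
    before, after = set(parse_o4(before_log)), set(parse_o4(after_log))
    return before - after, after - before


def review(entries):
    """Findings to look at first: launcher-loaded modules (to be checked against
    known-good names) and shortcuts whose target HijackThis could not resolve."""
    findings = []
    for e in entries:
        module = e.launched_module()
        if module:
            findings.append((e.name, f"{ntpath.basename(e.program())} loads {module}"))
        elif e.program() is None:
            findings.append((e.name, "unresolved shortcut target"))
    return findings


# Constructed excerpt in the style of the thread's first report (before cleanup).
BEFORE = r"""
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [fgbptzebkdd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"""
# Constructed excerpt matching the last report, after the msconfig step.
AFTER = r"""
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
"""

if __name__ == "__main__":
    removed, added = diff_autostarts(BEFORE, AFTER)
    print("removed:", sorted(e.name for e in removed))   # ['fgbptzebkdd', 'ppcb_32.lnk']
    print("added:", sorted(e.name for e in added))       # []
    for name, reason in review(parse_o4(BEFORE)):
        print(f"{name}: {reason}")
```

Untick in msconfig only hides the entry from the startup list; a clean report is the one where the O4 line is gone and the file it pointed to no longer exists, which is why the helper asks for a fresh report after every step.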
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help !!! virus Tue 9 Dec - 17:40:06
Hi ;p and thanks again for the help, so here is the new HijackThis once the procedure has been done

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:39, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd.
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
-- End of file - 7419 bytes | |
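The log above is raw HijackThis output. As an added example (not part of this thread, nor a HijackThis feature), the Python helper below parses O2 (BHO), O4 (Run/Startup) and O23 (Service) entries and flags the patterns a responder checks first: references to files that no longer exist, add-ons registered without a name, and startup shortcuts whose target could not be resolved. The sample lines it runs on are constructed placeholders, not the poster's log.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    kind: str    # "O2" (BHO), "O4" (Run/Startup) or "O23" (Service)
    name: str
    target: str  # DLL/EXE path, command line or shortcut target
    flags: list = field(default_factory=list)

def parse_line(line):
    """Return an Entry for a supported HijackThis line, else None."""
    line = line.strip()
    if line.startswith("O2 - BHO: "):
        # "<name> - {<CLSID>} - <path>": split from the right so a name with " - " survives
        parts = line[10:].rsplit(" - ", 2)
        return Entry("O2", parts[0], parts[2]) if len(parts) == 3 else None
    if line.startswith("O23 - Service: "):
        parts = line[15:].rsplit(" - ", 2)          # "<name> - <vendor> - <path>"
        return Entry("O23", parts[0], parts[2]) if len(parts) == 3 else None
    if line.startswith("O4 - "):
        rest = line[5:].partition(": ")[2]          # drop the "HKLM\..\Run" prefix
        if rest.startswith("["):                    # "[name] command line"
            name, _, cmd = rest[1:].partition("] ")
            return Entry("O4", name, cmd)
        name, sep, target = rest.partition(" = ")   # "shortcut.lnk = target"
        return Entry("O4", name, target) if sep else None
    return None

def triage(log_text):
    """Parse every line and keep only the entries that earn a triage flag."""
    flagged = []
    for e in filter(None, map(parse_line, log_text.splitlines())):
        low = e.target.lower()
        if "(file missing)" in low or low == "(no file)":
            e.flags.append("orphaned: referenced file is absent")
        if e.name == "(no name)":
            e.flags.append("add-on registered without a name")
        if e.kind == "O4" and e.target == "?":
            e.flags.append("startup shortcut target could not be resolved")
        if e.flags:
            flagged.append(e)
    return flagged

# Constructed sample in HijackThis format; CLSIDs, names and paths are placeholders
SAMPLE_LOG = r"""O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: AdsHelper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Ads\ads.dll (file missing)
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\updater.exe" /quiet
O4 - Global Startup: NewShortcut2.lnk = ?
O23 - Service: Example Scheduler - Example Corp. - C:\Program Files\Example\sched.exe
"""
```

A flag is a reason to look closer, not a verdict: orphaned entries are usually leftovers of a removed program, and an unnamed BHO still has to be identified by its CLSID before anything is deleted.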
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgium Operating system *: XP IBM, Intel Celeron 2.4GHz processor, 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help !!! virus Tue 9 Dec - 17:43:46
Very good... Now do this, please:
- Download RegCleaner
- Once it is installed, double-click its icon to run it
- In the menu bar, click Options, then select Language => Choose the language
- Find French.rlg and double-click it to apply the language
- Then click Tools in the menu bar
- Select Registry cleanup => Automatic registry cleaner
- RegCleaner will then start the cleanup automatically
- Then tick the invalid entries and click Remove selected => Finish => Quit
Do you have the Spybot software??
Ethik Member
Number of posts: 15 Age: 38 Registration date: 08/12/2008
Subject: Re: Help !!! virus Tue 9 Dec - 17:44:33
geoffrey5 Admin
Number of posts: 1849 Age: 43 Location: Liège - Belgium Operating system *: XP IBM, Intel Celeron 2.4GHz processor, 1.5GB RAM Registration date: 28/07/2008
Subject: Re: Help !!! virus Tue 9 Dec - 17:48:43
Ok... After running RegCleaner:
- Download Spybot Search & Destroy from my website.
- A tutorial will be available there to help you install and use it correctly.
Run an update and a scan... Then come back and report whether you still have problems