drive cleaner 2006

Hello,

Before you start, read the Blacklight (F-Secure) licence.
By reading this document, you have acknowledged and accepted the terms of use of this program, which is included in Navilog1.zip.

Now download Navilog1.zip (Il Mafioso).
Save it to your Desktop.
Unzip the contents of the archive by right-clicking Navilog1.zip and then choosing Extract All.

Double-click Navilog1.bat.
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents to us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt

&

Download HijackThis (by Merijn).
Unzip it into a folder or onto your desktop.

Launch the application.
Choose the option "Do a system scan and save a logfile"
Notepad opens:
-> Edit / Select All
-> Edit / Copy
Paste the report here.

HELP: Video tutorial on HijackThis

here is the first report

Search Navipromo version 1.0.4 commencé le 28/02/2007 à 18:53:18.90

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Documents and Settings\DUBE\Bureau
Mise a jour le 26.02.2007 a 14h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\DUBE\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1055.

[+] Started on 02/28/07 at 18:53:21.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..................................................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 02/28/07 at 19:10:21 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de recherche complémentaire ***
(recherche fichiers spécifiques)

1)Recherche nouveaux fichiers connus:


2)Recherche Heuristique :
(fichiers non traités par le fix)
*
**
***
****


*** Analyse Terminé le 28/02/2007 à 19:11:30.78 ***

Logfile of HijackThis v1.99.1
Scan saved at 19:17:07, on 28/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\sj652\hpupdate.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\StarOffice6.0\program\soffice.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdlite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\DUBE\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/087cde02fb5f42e35b17/netzip...
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/orange2.0/OnlineH...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/zuma/ober...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Strange...

With Internet Explorer
Run a Panda online scan
- Click " Scan your PC "
- Then " Check Now "
- /!\ At the bottom, click " I don't Accept "
Enter your e-mail address, then start the scan
- Post the report once the scan has finished
If you have Avast!, disable it during the scan


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@adrevolver[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@drivecleaner[2].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@fl01.ct2.comclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@hitbox[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@statcounter[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@stats1.reliablestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@tradedoubler[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@valueclick[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@weborama[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@www.winantivirus[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@xiti[1].txt
Virus:Trj/Agent.DIL Disinfected C:\RECYCLER\NPROTECT\00168107.sys
Virus:W32/Nachi.L.worm Disinfected C:\RECYCLER\NPROTECT\00168109.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\RECYCLER\NPROTECT\00168110.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\RECYCLER\NPROTECT\00168111.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\RECYCLER\NPROTECT\00168112.dll
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\RECYCLER\NPROTECT\00168113.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1935655697-117609710-725345543-1004\Dc2101.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1935655697-117609710-725345543-1004\Dc2107.zip[Process.exe]
Spyware:spyware/apropos Not disinfected C:\WINDOWS\Downloaded Program Files\Popcap.dll
Virus:W32/Sasser.ftp Disinfected C:\WINDOWS\system32\cmd.ftp
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\system32\UpMedia\ContentTool.dll
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\system32\UpMedia\SearchTool.dll
Adware:Adware/Searchtool

OK
I ran a scan with AVG Anti-Spyware and then another scan with Panda
here is the report

Incident Status Location

Adware:Adware/Searchtool Not disinfected C:\WINDOWS\system32\UpMedia\ContentTool.dll
Spyware:spyware/apropos Not disinfected c:\windows\downloaded program files\Popcap.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@bluestreak[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@drivecleaner[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@mediaplex[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@stats.drivecleaner[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@weborama[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@www.winantivirus[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@xiti[1].txt
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\RECYCLER\NPROTECT\00168110.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\system32\UpMedia\SearchTool.dll
Adware:Adware/Searchtool

thanks for your help, guys (or girls, for that matter!)

Re,

Download OTMoveIt (by OldTimer). Save it to your Desktop.
Double-click OTMoveIt.exe to launch it.
Select ALL of the locations below:

C:\WINDOWS\system32\UpMedia
C:\RECYCLER\NPROTECT
c:\windows\downloaded program files\Popcap.dll


---> Right-click, then Copy

Go back to OTMoveIt, right-click in the left-hand pane, then choose Paste.
Now click MoveIt!

!! If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.

OK, there we go, it restarted the PC and the report is:
C:\WINDOWS\system32\UpMedia moved successfully.
Folder move failed. C:\RECYCLER\NPROTECT\00174057 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00174015 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173795 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173782 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173679 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173561 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173453 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173352 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173248 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173146 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00173039 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172935 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172833 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172700 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172607 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172473 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172361 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172212 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00172113 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00171764 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00171673 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00171282 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00171177 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00170941 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\NPROTECT\00170535 scheduled to be moved on reboot.
Folder cleanup failed. C:\RECYCLER\NPROTECT scheduled to be deleted on reboot.
c:\windows\downloaded program files\Popcap.dll unregistered successfully.
c:\windows\downloaded program files\Popcap.dll moved successfully.

Created on 03/02/2007 19:38:09

here is the new report:


Incident Status Location

Spyware:spyware/apropos Not disinfected c:\windows\downloaded program files\Popcap.inf
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@drivecleaner[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@serving-sys[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@stats.drivecleaner[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@weborama[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@www.winantivirus[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\DUBE\Cookies\dube@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Searchtool Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\UpMedia\ContentTool.dll
Adware:Adware/Searchtool Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\UpMedia\SearchTool.dll
Adware:Adware/Searchtool Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\UpMedia\uninstallSE.exe

Quote:
- Make sure you have access to hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden folders
. Uncheck Hide extensions for known file types
. Uncheck Hide protected operating system files


And now?

I just disconnected from the web and reconnected. I opened Internet Explorer and.........; nothing !!!! no more bogus ads, no more unwanted pop-up windows!
It looks like it's OK
really BRAVO guys !!!!!! You're brilliant and cool !!!!
Thanx