(spyware) Infecté par Adware Generic.LRH

Merci Green Day,

J'ai suivi tes instructions et voici les 2 rapports :

1) Ewido
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:17:01 19/10/2006

+ Scan result:



HKU\S-1-5-21-861567501-1770027372-682003330-500\SOFTWARE\Mic­rosoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-­86E0-83152D67828A} -> Adware.180Solutions : No action taken.
D:\Sauvegarde\kazaa_setup.exe -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKU\S-1-5-21-861567501-1770027372-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WhenU -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WhenU\Uninstall.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WhenU\WhenU.com Website.url -> Adware.SaveNow : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : No action taken.
HKLM\SOFTWARE\zango -> Adware.Zango : No action taken.
HKU\S-1-5-21-861567501-1770027372-682003330-500\SOFTWARE\zango -> Adware.Zango : No action taken.
HKU\S-1-5-21-861567501-1770027372-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__i_e_r_n_p_n_c_e_._d_l_l_ -> Downloader.Small.cgu : No action taken.
[4000] C:\WINDOWS\system32\iernpnce.dll -> Downloader.Small.cgu : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@casinodelrio[1].txt -> TrackingCookie.Casinodelrio : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.casinodelrio[2].txt -> TrackingCookie.Casinodelrio : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@casinopays[1].txt -> TrackingCookie.Casinopays : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@e-2dj6wgkienc5ehq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@e-2dj6wgkowjdpcbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@e-2dj6wgmyejcjsdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@e-2dj6whlicoc5cao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@e-2dj6wjmysoczgho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@as-eu.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

2)Bitdefender
BitDefender Online Scanner



Scan report generated at: Thu, Oct 19, 2006 - 10:44:58





Scan path: A:\;C:\;D:\;E:\;F:\;







Statistics

Time
01:22:21

Files
1025525

Folders
4351

Boot Sectors
4

Archives
8949

Packed Files
163210




Results

Identified Viruses
3

Infected Files
11

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
10




Engines Info

Virus Definitions
477441

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{3DB98214-427B-4B02-801B-BD7891198A7C}\Microsoft\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

C:\WINDOWS\system32\__delete_on_reboot__i_e_r_n_p_n_c_e_._d_l_l_
Infected with: Trojan.Downloader.Agent.RG

C:\WINDOWS\system32\__delete_on_reboot__i_e_r_n_p_n_c_e_._d_l_l_
Disinfection failed

C:\WINDOWS\system32\__delete_on_reboot__i_e_r_n_p_n_c_e_._d_l_l_
Delete failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Sauvegarde 2005-11-21.eba=>{3DB98214-427B-4B02-801B-BD7891198A7C}/ident_data.zip=>Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Outlook Express\Brouillons.dbx=>(message 3)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sun, 14 Nov 2004 13:12:24 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Infected with: Trojan.Agent.U

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Disinfection failed

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe=>(Embedded EXE o)
Deleted

D:\Outlook Express\Éléments envoyés.dbx=>(message 25)=>[Subject: =?iso-8859-1?Q?Fw:_Envoi_d'un_message=][Date: Tue, 1 Mar 2005 08:05:55 +0100]=>(MIME part)=>emule.0.44b.no.ratio.crack.leecher.zip=>emule.exe
Update failed

Voilà, j'espère que quelqu'un trouvera la solution car pour moi c'est du chinois !!

Merci d'avance à tous !

Vedrane29

Que veux tu dire par No action taken ? je dois parametrer quelque chose ?

Excuse moi mais je ne m'y connais pas trop dans tous ces programmes ?

Merci

Vedrane29

Salut,

Encore merci pour ta patience !

Voici le nouveau log de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 13:23:43, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Player Video TF1\tf1.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [tf1] C:\Program Files\Player Video TF1\tf1.exe
O4 - HKLM\..\Run: [Helpdashcashsoap] C:\Documents and Settings\All Users\Application Data\Ref Aim Help Dash\HoldBore.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"
O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"
O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"
O4 - HKCU\..\Run: [ref axis] C:\DOCUME~1\ADMINI~1\APPLIC~1\MAGSAC~1\MediaExit.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E878B0-D357-44FF-A905-1110FE950DAB}: NameServer = 195.238.2.21 195.238.2.22
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Autres soucis :
1) Lors de la fermeture du pc le message suivant apparait :
MEDIA.1.EXE - L'initialisation de la DLL a échouée
L'application n'a pu s'initialiser car la station de travail est entrain d'être arrêtée

2) L'erreur suivante est apparue
EXPLORER.EXE Erreur d'application
L'instruction à "oxo25d7f20" emploie l'adresse mémoire "0x025d7f20". La mémoire ne peut être "read".
Cliquez sur ok pour terminer le programme.
Je ne sais plus lors de quelle execution exacte cette erreur est apparue !

3) Je n'arrive toujours pas à installer convenablement le plugin flash qui me permettait de jouer sur midasplayer.com.
Adobe flash player me dit qu'il est installé mais impossible de l'executer que ce soit avec midasplayer.com ou just-sports.de... enfin çà s'est un peu secondaire !

Malgré Ewido anti-spyware et Kerio firewall, j'ai encore des saletés de pop-ups qui passent !!!!

A part çà, le scan de mon antivirus était ok pour la première fois depuis des lunes !

Encore merci

a+++

Salut,

J'ai été sur la page que tu m'as indiquée et j'ai accepté en bas de page à gauche.
Ensuite une autre page s'est ouverte ou je pouvais telecharger blbta.exe ou blbetac.exe... j'ai téléchargé blbta.exe et je l'ai executé... nulle part je n'ai pu choisir l'option de laisser le scan through Windows Explorer activé... j'ai lancé le scan et le résultat est que je n'ai "no hidden items found"... j'ai fait next... jamais vu de rapport... il y a seulement le choix "show all processes" mais il s'agit d'une liste déroulante qu'il est impossible de copier/coller.


Dis moi, si j'ai fait une fausse manoeuvre...

Merci d'avance

a+++

Re,

Voici le nouveau rapport

ABC (remove only)
ACDSee 7.0 PowerPack
Adobe Reader 7.0 - Français
Adobe Shockwave Player
Anti-Leech Plugin for Internet Explorer
AnyDVD
Archiveur WinRAR
BearShare
CCleaner (remove only)
CleanUp!
CloneDVD2
Digimax V
Digimax Viewer 2.0
Disque de souvenirs HP
DivX
Durable Copy 1.3.1
DVD Shrink 3.2
Easy CD-DA Extractor 6.2
e-Backup 1.42
EMEA02
ewido anti-spyware 4.0
HijackThis 1.99.1
Hijackthis Version Française
hp psc 1200 series
InterActual Player
InterVideo WinDVD 7
iPod for Windows 2005-09-23
iRiver Manager
IsoBuster 1.7
iTunes
J2SE Runtime Environment 5.0 Update 5
K-Lite Mega Codec Pack 1.38
LiveUpdate BVRP Software
Lyra Jukebox Applications
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Marvell Miniport Driver
MGI PhotoSuite III SE (suppression seulement)
Micro Application - Cartes de visite
Microsoft Office Professional Edition 2003
mobile PhoneTools
MoodLogic DeviceLink
MSN Messenger 7.5
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
NfoDiz 5.0
NVIDIA nForce Drivers
Photo et imagerie HP 2.0 - All-in-One
Photo et imagerie HP 2.0 - All-in-One Pilote
Photo et imagerie HP 2.0 - hp psc 1200 series
PowerDVD
QuickSFV (Remove only)
QuickTime
Rayman 3
Samsung D500 USB-Handset Manager
SATARaid
SereneScreen Aquarium
Sunbelt Kerio Personal Firewall
SuperCopier
Système anti-virus AVG 7.0
VideoLAN VLC media player 0.8.0
Winamp (remove only)
XVid;-)
Yahoo! Anti-Spy
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

HijackThis n'a pas trouvé les 3 lignes que tu voulais me faire cocher qui commencaient par 04-HKLM\..\runonce... je suppose que c'est normal !

Encore merci !

a++

Re,

EMEA02, j'ai fait une recherche dans les fichiers et voici le resultat
hpomsi log emea02.txt c:\program files\hewlette packard\digital imaging
hpomsi log emea02.txt c:\documents and settings\administrateur\recent

Voici le log :
Logfile of HijackThis v1.99.1
Scan saved at 20:34:29, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ref axis] C:\DOCUME~1\ADMINI~1\APPLIC~1\MAGSAC~1\MediaExit.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E878B0-D357-44FF-A905-1110FE950DAB}: NameServer = 195.238.2.21 195.238.2.22
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0