Everything posted by kukrapok
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Uh, thanks for replying, diana, but I have to admit I didn't understand all of it...
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
OK, thanks jack! Here's another ewido report; it would be cool if you could tell me where things stand with this spyware.

ewido security suite - Rapport de scan
---------------------------------------------------------
+ Créé le: 18:09:59, 12/09/2005
+ Somme de contrôle: EA804385
+ Résultats du scan:
C:\Documents and Settings\kuk\Cookies\kuk@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
::Fin du rapport
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
OK thanks, well, I hope this will do it... but I'm a bit fatalistic, because last time it was exactly the same story and then bam! Tenga all over again. Nothing left to do but wait. Otherwise, have any other users managed to get rid of it for good this way??
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Mission accomplished, jack, here's the report:

Logfile of HijackThis v1.99.1
Scan saved at 17:14:31, on 12/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Messager Wanadoo\Demon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
D:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
D:\logiciels + divers\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\Messager Wanadoo\Demon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

Well, my exes are still corrupted, but then again maybe that's normal..?? Otherwise, I'll let you know how it goes. Thanks again.
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Thanks a lot!!

As for me, no spy bot, no eiffel tower, not even the flowers.... sorry
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Oops, sorry, here's the rest of the AntiVir report:

Name of configuration file: D:\Program Files\AVPersonal\AVWIN.INI
Name of report file: D:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: D:\Program Files\AVPersonal
Command line:
Start mode: unknown
Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report
Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information
Abridge report file:
[ ] Abridge report file
Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged
Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100
Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[X] All files
[ ] Program files
Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm
Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore
Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date
Drag&drop settings:
[X] Scan subdirectories
Profile settings:
[X] Scan subdirectories
Archive options
[X] Search archive
[X] Archive types to leave out 1002 1001 1000
Miscellaneous options:
Temporary path: %TEMP% -> D:\Program Files\AVPersonal\BUILD.DAT
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[ ] Load AVWin®/NT Guard on System start
General settings:
[X] Save options on exiting AntiVir
Priority: medium
Drives:
C: Hard disk
D: Hard disk
E: Hard disk
F: CD-ROM

Start of scan: lundi 12 septembre 2005 15:57
Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK
Boot record of drive D: OK
Boot record of drive E: OK
C:\
  pagefile.sys Access denied! Error during file opening! This is a Windows swap file. This file is locked by Windows. Error code: 0x000D WARNING! Access error/file locked!
C:\Documents and Settings\Administrateur
  NTUSER.DAT Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  ntuser.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows
  UsrClass.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  UsrClass.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson
  user.dmp Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
C:\Documents and Settings\NetworkService
  NTUSER.DAT Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  ntuser.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows
  UsrClass.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  UsrClass.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
C:\Program Files\WinRAR
  rarnew.dat ArchiveType: RAR NOTE! The archive is created by multiple volumes
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32\config
  default Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  default.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SAM Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SAM.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SECURITY Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SECURITY.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  software Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  software.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  system Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  system.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
D:\image-CD\xp 64 (Windows.Server.2003.64ä½?版.多国è¯è¨€åŒ…).Windows.x64.MUI.CD1-XiSO.nfo Access denied! Error during file opening! Error code: 0x0016 WARNING! Access error/file locked!
D:\patch\patch we are pes 4 complet
  OlemixPCv1[1].0.part01.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part02.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part03.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part04.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part05.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part06.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part07.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part08.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part09.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part10.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part11.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part12.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part13.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part14.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part15.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part16.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part17.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part18.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part19.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part20.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part21.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part22.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
  OlemixPCv1[1].0.part23.rar ArchiveType: RAR NOTE! The archive is created by multiple volumes
Error! Could not change directory: System Volume Information
Error! Could not change directory: Emilie.Simon.-.[Emilie.Simon].??.(mp3)
E:\mp3\Hellbats Fast'N'Heavy (Psycho Psychobilly Rockabilly Punk Misfits Motorhead Turbonegro Ramones Backyard Babies)
  Hellbats Fast'n'heavy - 06-Human barbq (what will beleft of them...) (psycho punk misfits motorhead turbonegro ramones backyard babies).mp3:KAVICHS Access denied! Error during file opening! Error code: 0x0016 WARNING! Access error/file locked!
Error! Could not change directory: System Volume Information

End of scan: lundi 12 septembre 2005 16:11
Time taken: 13:43 min
2817 directories were scanned
40235 files were scanned
22 warning messages were issued
0 files were deleted
0 files were repaired
0 detections
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Hi jack, thanks for replying. So, the AntiVir + HijackThis procedure is done, under the administrator account because I can't manage it under the current session... I'm posting the HijackThis report and the AntiVir one, just in case...

Logfile of HijackThis v1.99.1
Scan saved at 16:16:37, on 12/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\logiciels + divers\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\Messager Wanadoo\Demon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd
O4 - HKCU\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1047 vom 07.06.2005
Mainprogram 6.31.00.03 of 10.05.2005
VDF file 6.31.1.233 (0) of 12.09.2005
This program is for PERSONAL USE only. Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from: www.hbedv.com.
Scanning for 213955 virus strains and unwanted programs.
Licensed for: AntiVir Personal Edition
Serial number: 0000149996-WURGE-0001
Please enter the workstation and contact name with phone number in this form:
Name ___________________________________________
Street ___________________________________________
Town ___________________________________________
Phone/Fax ___________________________________________
Email ___________________________________________
Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username: Administrateur
Computername: LSDBOT-III
Processor: Pentium
Working memory: 1048048 KB free
Version information:
AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16
AVEWIN32.DLL : 6.31.1.0 823808 19.07.2005 17:54:12
AVGNT.EXE : 6.31.00.01 168039 10.05.2005 16:50:16
AVGUARD.EXE : 6.31.00.01 238120 29.04.2005 08:07:12
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:10
AVGCMSG.DLL : 6.31.00.00 295029 29.04.2005 08:07:16
AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16
AVPACK32.DLL : 6.31.00.03 323664 25.05.2005 10:43:02
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20
AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22
AVSched32.EXE : 6.30.00.00 110632 01.02.2005 11:24:10
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:10
AVREG.DLL : 6.30.00.03 41000 10.02.2005 18:47:48
AVRep.DLL : 6.31.01.226 1335336 09.09.2005 13:46:20
INETUPD.EXE : 6.31.00.02 249915 29.04.2005 08:07:14
INETUPD.DLL : 6.31.00.02 143360 29.04.2005 08:07:14
CTL3D32.DLL : 2.31.000 27136 28.08.2001 17:00:00
MFC42.DLL : 6.02.4131.0 1028096 04.08.2004 02:54:32
MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : 7.0.2600.2180 343040 04.08.2004 02:54:36
CTL3DV2.DLL : No information

That's the rundown. Thanks again for giving me some of your time.
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Aw, Diana, uh!! Oh man, I'm feeling down! Damn stupid virus. Anyway, thanks for replying, even if it's to tease me; a good laugh is worth a good steak... isn't it...? Still, it sucks. Is there no news about this virus? Aren't the antivirus companies finding a fix???
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Good day to you. Well, it's me again... and not with good news: I've still got the plague!! win32.tenga.a is still there!!!! My exes are corrupted again and my PC refused to boot, so I reformatted my C partition, since my hard drive is partitioned, but it really is the whole drive that's infected. So now I'm in deep trouble and I don't know what to do anymore. Do you think I'll have to reformat EVERYTHING??? So please, if anyone has a plan?? Thanks in advance.
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
OK, all good. I ran ewido and then, like an idiot, I forgot to save the report, but no matter: I had 7 infected objects, but they were 7 spyware items, so I imagine it's all good this time. I won't bother you anymore... until the next infection. Nah, it's fine, I'll be careful. Thanks again, everyone, and all the best.
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Oh well, Diana, that's it, you've just got me down... do you think tenga could still be on my hard drive??
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Hallelujaaah, my brothers and sisters!!!!! megataupe for president!!!! If you were right here next to me, I think I'd give you a kiss!!
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Oops, sorry diana, I hadn't paid attention to the username. Thanks guys, and diana!!!!! lol
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
Well, there you go, mission accomplished, here's the rundown:

Logfile of HijackThis v1.99.1
Scan saved at 16:58:28, on 09/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Messager Wanadoo\Demon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\Agnitum\Tauscan 1.7\taumon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\Messager Wanadoo\Demon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

Please tell me where things stand.... I hope it's good, and in any case thanks again, it's a real luxury to have guys like you to lend a hand!!
PC infected with win32.tenga.a
kukrapok replied to a topic by kukrapok in Malware analysis and removal
OK mégataupe, I'll do that and keep you posted. In any case, thanks guys for your replies!!! PS: yeah, I know, I've got loads of antivirus programs on there, because I tried them all, and I'm having uninstall problems due to the virus. See you.

Hello everyone. I've just signed up on zébulon because apparently people work hard here, and I've seen a few guys with a problem identical to mine. Let me explain: I too have been infected by this magnificent virus called tenga.a. I have Kaspersky Pro, but nothing helped; tenga came and it conquered, despite scan attempts with many antivirus programs, in safe mode, etc.... So I saw that quite a lot of people have this problem, and I saw on this forum the different steps to follow to fight it, so I followed your advice: AntiVir, HijackThis.... In short, I did as specified; I'll spare you the details (safe mode, clean mgr, etc.). The only snag: it's impossible for me to choose the current session rather than the administrator's to do all this, and I don't know what the consequences of that are.... Anyway, I'm taking the liberty of sending you my HijackThis report, and I hope someone can help me; that would be really nice. Thanks in advance for this little helping hand. See you.

Logfile of HijackThis v1.99.1
Scan saved at 14:47:41, on 09/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\Messager Wanadoo\Demon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd
O4 - HKCU\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A4F7BAD-0D51-4C2D-8108-F3B48D56AC7F}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
