Contamination W32/Tenga... Besoin d'aide please...

[bruce lee]

re,

 

désolé, c'est moi qui n'a pas été assez precis.

 

Tu fais clique droit sur le lien et tu choisis "enregistrer la cible sous" et apres tu suis ce qui est marqué dans ma reponse.

[arthus.briton]

Bon alors, c'est encore moi... lol...

 

J'ai de nouveau suivi tes instructions à la lettre et voici pour commencer le log Hijackthis réalisé en mode normal :

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:58:40, on 10/06/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Mixer.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\nvraidservice.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

E:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149710870218

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7E594D-32CE-4AB2-8079-F146B590FF4E}: NameServer = 86.64.145.140,86.64.145.141

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

 

Et aussi, le rapport de scan de Silent Runners, effectué déconnecté d'internet (câble débranché) :

 

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"Name of App" = "C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [" "]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"NVRaidService" = "C:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]

"LogitechGalleryRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" [file not found]

"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"Zone Labs Client" = "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32\(Default) = "E:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "E:\Program Files\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS"

-> {HKLM...CLSID} = "Macromedia FTP & RDS"

\InProcServer32\(Default) = "C:\WINDOWS\system32\CfShellFtpRds.dll" ["Macromedia, Inc."]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels"

-> {HKLM...CLSID} = "Périphériques Plug and Play universels"

\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "E:\Program Files\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]

"{6F95598F-7B24-46C7-99EE-99DD60E1B61B}" = "AxCrypt Privacy Wrapper File"

-> {HKLM...CLSID} = "axcrypt.File"

\InProcServer32\(Default) = "E:\Program Files\AxCrypt\1.6.1\AxCrypt.dll" ["Axantum Software AB"]

"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Context Menu Shell Extension"

-> {HKLM...CLSID} = "WinAceContext Menu Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 DragDrop Shell Extension"

-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Context Menu Shell Extension"

-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Property Sheet Shell Extension"

-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "E:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

 

HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * smrgdf E:\Program Files\System Mechanic 5 Professional\" [file not found], [MS], [file not found], [null data], [file not found], [file not found], [file not found], [file not found], [file not found]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

axcrypt.File\(Default) = "{6F95598F-7B24-46C7-99EE-99DD60E1B61B}"

-> {HKLM...CLSID} = "axcrypt.File"

\InProcServer32\(Default) = "E:\Program Files\AxCrypt\1.6.1\AxCrypt.dll" ["Axantum Software AB"]

ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"

-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"

-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

axcrypt.File\(Default) = "{6F95598F-7B24-46C7-99EE-99DD60E1B61B}"

-> {HKLM...CLSID} = "axcrypt.File"

\InProcServer32\(Default) = "E:\Program Files\AxCrypt\1.6.1\AxCrypt.dll" ["Axantum Software AB"]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Ticoeur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Voilà, voilà...

 

Tiens, je me suis aperçu que ce foutu W32/Tenga m'avait bousillé l'exe de BSPlayer... impossible de lancer le logiciel... Je suis pas trop spécialiste mais à la lecture du rapport de Silent Runners, il me semble bien qu'il ait détecté quelques infections (2 pour être précis)... dont une au niveau de System Mechanic Pro que j'ai désinstallé déjà... Mais tout ça n'est que conjecture de newbie et j'attends avec impatience tes conclusions et recommandations...

 

bon ben encore merci... et j'espère qu'on va finir par réussir à le trouver et à l'éradiquer cette saloperie de bestiole... lol...

 

Amicalement,

 

Arthus.Briton.

[arthus.briton]

Euhhhhh,

 

Pendant que j'y pense et avant que je n'oublie, j'ai repéré dans ma Base de Registre, un certain exe nommé gaelicum.exe et qui apparemment est la racine de ce p***** de virus.

 

Aurais tu une suggestion à ce sujet ? Faut il le supprimer ou le modifier ?

 

Dans l'attente impatiente d'une réponse et en te remerciant encore,

 

Amicalement,

 

Arthus.Briton.

[bruce lee]

bonjour,

 

ce rapport de silent runners n'est pas en entier, refais en un et colle la totalité du rapport s'il te plait

 

@+

[arthus.briton]

Euhhhhh,

 

vraiment toutes mes excuses mais il n'était pas entier... J'ai du merder dans la manip... lol... le voilà donc :

 

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"Name of App" = "C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [" "]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"NVRaidService" = "C:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]

"LogitechGalleryRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" [file not found]

"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"Zone Labs Client" = "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32\(Default) = "E:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "E:\Program Files\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS"

-> {HKLM...CLSID} = "Macromedia FTP & RDS"

\InProcServer32\(Default) = "C:\WINDOWS\system32\CfShellFtpRds.dll" ["Macromedia, Inc."]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels"

-> {HKLM...CLSID} = "Périphériques Plug and Play universels"

\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "E:\Program Files\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]

"{6F95598F-7B24-46C7-99EE-99DD60E1B61B}" = "AxCrypt Privacy Wrapper File"

-> {HKLM...CLSID} = "axcrypt.File"

\InProcServer32\(Default) = "E:\Program Files\AxCrypt\1.6.1\AxCrypt.dll" ["Axantum Software AB"]

"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Context Menu Shell Extension"

-> {HKLM...CLSID} = "WinAceContext Menu Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 DragDrop Shell Extension"

-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Context Menu Shell Extension"

-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Property Sheet Shell Extension"

-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "E:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

 

HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * smrgdf E:\Program Files\System Mechanic 5 Professional\" [file not found], [MS], [file not found], [null data], [file not found], [file not found], [file not found], [file not found], [file not found]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

axcrypt.File\(Default) = "{6F95598F-7B24-46C7-99EE-99DD60E1B61B}"

-> {HKLM...CLSID} = "axcrypt.File"

\InProcServer32\(Default) = "E:\Program Files\AxCrypt\1.6.1\AxCrypt.dll" ["Axantum Software AB"]

ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"

-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"

-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

\InProcServer32\(Default) = "E:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

axcrypt.File\(Default) = "{6F95598F-7B24-46C7-99EE-99DD60E1B61B}"

-> {HKLM...CLSID} = "axcrypt.File"

\InProcServer32\(Default) = "E:\Program Files\AxCrypt\1.6.1\AxCrypt.dll" ["Axantum Software AB"]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Ticoeur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

ewido security suite control, ewido security suite control, "E:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 39 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

took 6 seconds.

---------- (total run time: 61 seconds)

 

 

J'espère qu'il te renseignera plus qu'il ne saurait le faire vis à vis de moi...

 

Amicalement,

 

Arthus.Briton.

[bruce lee]

re,

 

ce rapport ne revele rien...

 

on va essayer autre chose:

 

-Étape 1:

Télécharge eScan Antivirus Toolkit http://www.spywareinfo.dk/download/mwav.exe ici. Sauvegarde-le sur ton Bureau.

Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

 

Étape 2:

Voici comment mettre l'outil à jour :

 

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

 

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

 

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer.

 

Ne pas lancer le scan tout de suite !

 

 

Étape 3:

Du mode Sans Échec, voici comment utiliser le programme eScan Antivirus Toolkit:

 

1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

 

2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran.

 

3.) Il est très important de bien cocher ces boîtes sous Scan Option : Memory, Registry, Startup Folders, System Folders, Services.

 

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.

 

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

 

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

 

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

 

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.

 

@+

Modifié le 11 juin 2006 par bruce lee

[arthus.briton]

Bon alors, ce fut fastidieux (impossible de copier/coller le panneau Virus Log information, obligé de le copier à la main... lol...) mais je crois que nous tenons le bon bout, vu qu'il me semble avoir détecté et agi sur un certain Win32.Tenga.a... entre autres... lol...

 

Donc, voici ce fameux Virus Log Information de eScan :

 

Virus Log Information :

 

File E:\Ma musique\Oxmo Puccino 2 Albums (L'Amour Est Mort Opera Puccino) (Vbr By d3Kst3Ro)\Oxmo Puccino - Opera Puccino\Oxmo Puccino-10-24 Heures r Vivre (featuring Akhenaton, Free.mp3 infected by "BkCln.Unknown"Virus. Action Taken: File Renamed.

File E:\Ma musique\Oxmo Puccino 2 Albums (L'Amour Est Mort Opera Puccino) (Vbr By d3Kst3Ro)\Oxmo Puccino - Opera Puccino\Oxmo Puccino-12-Le Jour Ou Tu Partiras (featuring K-Reen).mp3 infected by "BkCln.Unknown"Virus. Action Taken: File Renamed.

File E:\Ma musique\Oxmo Puccino 2 Albums (L'Amour Est Mort Opera Puccino) (Vbr By d3Kst3Ro)\Oxmo Puccino - Opera Puccino\Oxmo Puccino-13-Sortilcge.mp3 infected by "BkCln.Unknown"Virus. Action Taken: File Renamed.

File E:\Ma musique\Oxmo Puccino 2 Albums (L'Amour Est Mort Opera Puccino) (Vbr By d3Kst3Ro)\Oxmo Puccino - Opera Puccino\Oxmo Puccino-16-La Lettre-Tant de choses r dire (featuring F.mp3 infected by "BkCln.Unknown"Virus. Action Taken: File Renamed.

File E:\Mes Fichiers reçus\Diskeeper Professional Edition v.9.0.504\trad-dk90504fr.exe tagged as not-a-virus .RiskTool.Win32.PsKill.n. No Action Taken.

File E:\Mes Fichiers reçus\LCDM-Tchat.rar tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\Mes Fichiers reçus\LCDM-Tchat\tchat_lcdm1.0b0.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

Files E:\Mes Fichiers reçus\Mirc\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\Program Files\Mirc\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\Program Files\T'Chat LCDM\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\RECYCLER\S-1-5-21-839522115-507921405-725345543-1004\De4\SetupinstRe.exe tagged as not-a-virus:Adware.Win32.SaveNow.bo. No Action Taken.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP102\A0011896.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP102\A0011933.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP105\A0012303.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP105\A0012335.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP119\A0015383.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP119\A0015387.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP119\A0015989.exe infected by "Virus.Win32.Parite.b"Virus. Action Taken: File Disinfected.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP119\A0015989.exe infected by "Backdoor.Win32.Robobot.d" Virus. Action Taken: File Renamed.

File E:\System Volume Information\_restore{4FC49A0D-9152-4E16-B45D-49E587762ECB\RP125\A0018160.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File E:\System Volume Information\_restore{C5522DCB4-2526-A745-29C1A6121C93}\RP473\A0188839.exe infected by "Virus.Win32.tenga.a" Virus. Action Taken: File disinfected.

File E:\System Volume Information\_restore{C5522DCB4-2526-A745-29C1A6121C93}\RP473\A0188840.exe infected by "Virus.Win32.tenga.a" Virus. Action Taken: File disinfected.

File E:\System Volume Information\_restore{C5522DCB4-2526-A745-29C1A6121C93}\RP480\A0191510.exe tagged as not-a-virus:AdWare.Win32.NavExcel.d. No Action Taken.

File E:\System Volume Information\_restore{C5522DCB4-2526-A745-29C1A6121C93}\RP480\A0191522.exe tagged as not-a-virus:Risk Tool.Win32.PsKill.n. No Action Taken.

File E:\System Volume Information\_restore{C5522DCB4-2526-A745-29C1A6121C93}\RP480\A0192609.exe infected by "Virus.Win32.tenga.a" Virus. Action Taken: File disinfected.

File E:\System Volume Information\_restore{C5522DCB4-2526-A745-29C1A6121C93}\RP480\A0192611.exe infected by "Virus.Win32.tenga.a" Virus. Action Taken: File disinfected.

File E:\System Volume Information\_restore{C5522DCB4-2526-A745-29C1A6121C93}\RP480\A0193784.exe tagged as not-a-virus:AdWare.Win32.Casino.I. No Action Taken.

 

Voilà, voilà... Peux tu me faire un diagnostic et surtout me dire si Win32.tenga.a va enfin sortir de ma vie informatique ??? lol...

 

Encore merci,

 

Cordialement,

 

Arthus.Briton.

[bruce lee]

re,

 

Bon alors, ce fut fastidieux (impossible de copier/coller le panneau Virus Log information, obligé de le copier à la main... lol...)

 

LOL tu en es courageux

 

Voilà, voilà... Peux tu me faire un diagnostic et surtout me dire si Win32.tenga.a va enfin sortir de ma vie informatique ??? lol...

 

 

tenga se planquee dans la restauration de systeme pour l'enlever suis les instruction de ce lien:

http://www.libellules.ch/desactiver_restauration.php

 

et dis moi ce que ca donne aux niveau des alertes de avast

 

@+

Modifié le 11 juin 2006 par bruce lee

[arthus.briton]

Ben, il se trouve qu'elle est déjà désactivée ma restauration système...

 

Par contre, quand je lance la restauration système (démarrer, accessoires, outils système), il me trouve des points de restauration antérieurs... comment faire pour les effacer ? Là, ça dépasse mes pôvres compétences... lol...

 

Un conseil ? Une suggestion ? Une méthodologie ? En attendant, j'ai procédé par le nettoyage du disque dur à la suppression de tous les points de restauration antérieurs existants... Est-ce la bonne méthode ???

 

Merci,

 

Amicalement,

 

Arthus.Briton.

[bruce lee]

re,

 

si ta restauration de systeme est désactivé, l'antivirus n'aurait pas trouvé tenga Donc suis ces instructions http://www.libellules.ch/desactiver_restauration.php qui vont désactivé la restauration de systeme.

 

tu parlais en premiere page de gaelicum.exe peux tu me dire ou il est situé s'il te plait.

Modifié le 11 juin 2006 par bruce lee