spysheriff Résolu

Question

bonsoir, a l.attention de boulepatte ou de quelqu,un d'autre:mon probleme est resolu en partie . je ne vois plus le spysheriff sur mon bureau et les parametres du bureau sont redevenus accessibles, mais le bureau est different avec une barre menu windows a gauche de l'ecran que je n'arrive pas a supprimer.genre commande nouveau dossier,supprimer dossier, etc...voila j,ai remis un autre hijackthis et j,ai fix checked les lignes que tu m.a recommande, par contre je n'ai pas retrouve les fichiers: rles.exe drsmartloabd.exeno-spy.exe pour les supprimerj'ai supprime le dossier SinEspias dans le C:\j'ai remis un nouveau hijackthis dont voici le rapport:Logfile of HijackThis v1.99.1Scan saved at 01:17:51, on 05/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\WINDOWS\UG91bGlucw\command.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEC:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeC:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\PROGRA~1\MAGICW~1\MW1HEL~1.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Apoint\Apoint.exeC:\WINDOWS\system32\w?nlogon.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeC:\Hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - {A03CA48D-4B19-61BC-69B7-66F3CD333294} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration904.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeO4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startupO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKCU\..\Run: [Wxpi] C:\WINDOWS\system32\w?nlogon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /trayO4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135615952189O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dllO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXEO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UG91bGlucw\command.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exemerci pour ton aide,

boulepate · Answer

Salut,

R3 - URLSearchHook: (no name) - {A03CA48D-4B19-61BC-69B7-66F3CD333294} - (no file)
O4 - HKCU\..\Run: [Wxpi] C:\WINDOWS\system32\w?nlogon.exe
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll

telecharge, installe et mets à jour ceci, scan ton pc avec une fois finit remet un rapport HijackThis;
Ewido:
http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html

ficko · Answer

bonjour, encore une fois merci pour ta reponse.
faut-il d'abord "fix checked" les 3 lignes que tu proposes là comme je l'ai fait auparavant ? et ensuite telecharger le lien antivirus ?
aprés le scan tu me demandes de remettre un hijackthis. faut t-il remettre le rapport sur le forum?
merci par avance

Utilisateur anonyme · Answer

salut Fucko, salut Boulepate

Perdu, c est pas vundo lol ;-)

télécharge haxfix
http://users.telenet.be/marcvn/tools/haxfix.exe
exécute-le, il va créer un dossier sur ton bureau 
double-clic sur fix.bat 
suis les instructions, le pc va redémarrer ensuite. 
copie/colle ici une copie de c:\haxfix.txt

A+

boulepate · Answer

Salut Regis,Qu'est ce donc?  :-)

Utilisateur anonyme · Answer

Salut boulepateUn rootkithttp://castlecops.com/o20list-143.htmlJ'pense a toi revient moi vite stp :'( (11):'(

boulepate · Answer

Oki merci :) mais avec ewido/a²free onaurait pu le supprimer non?!

Utilisateur anonyme · Answer

SalutJ en doute fortement !!!Utilise le prog que j ai mis si tu le rencontres de nouveaua+

boulepate · Answer

Dac ;-)Merci ++

ficko · Answer

salut a boulepate, salut a regis, je n,ai pas compris ce qu'il faut faire ? voila j'ai remis un hijackthis et je vois que le 020-winlogon notify:avpe32.dll  est toujours la. par contre un dernier scan avec Ewido ne la pas detecte. voici le rapport Logfile of HijackThis v1.99.1Scan saved at 22:40:39, on 06/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\ewido anti-malware\ewidoguard.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEC:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeC:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\haesles.exeC:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeC:\Hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeO4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startupO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Uahl] "C:\Program Files\haesles.exe" -vt yazrO4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135615952189O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: avpe32 - avpe32.dll (file missing)O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXEO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UG91bGlucw\command.exe (file missing)O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exej'attends de vos nouvelles merci

Utilisateur anonyme · Answer

salut

télécharge haxfix
http://users.telenet.be/marcvn/tools/haxfix.exe
exécute-le, il va créer un dossier sur ton bureau
double-clic sur fix.bat
suis les instructions, le pc va redémarrer ensuite.
copie/colle ici une copie de c:\haxfix.txt

ficko · Answer

salut regis, voila le rapport, il me semble que ca marche.confirme moi merciDummy file to remove haxdoor.bye bye haxdoor

Utilisateur anonyme · Answer

Re,redemarre ton pc et remet un hijack this stpa+

ficko · Answer

faut il desactiver l'antivirus quand je remets un hijackthis?

Utilisateur anonyme · Answer

Non !

ficko · Answer

re, il me semble que c'est pas fini.Logfile of HijackThis v1.99.1Scan saved at 23:41:43, on 06/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\ewido anti-malware\ewidoguard.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEC:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeC:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\haesles.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeC:\Hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeO4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startupO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Uahl] "C:\Program Files\haesles.exe" -vt yazrO4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135615952189O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: avpe32 - avpe32.dll (file missing)O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXEO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UG91bGlucw\command.exe (file missing)O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Utilisateur anonyme · Answer

re

il s accroche dirait on:

SpySweeper (de Webroot)
(c'est une version d'essai de 14 jours)
http://www.download.com/Webroot-Spy-Sweepe...4-10405877.html
ou
http://www.webroot.com/consumer/products/spysweeper?acode=af1&rc=3597

• clique sur le lien Free Trial sous la rubrique "SpySweeper"
• installe le programme. Une fois installé, il va se lancer.
• L'option de le mettre à jour va s'afficher, clique sur Yes
• Une fois les mises à jour faites, clique Options sur la gauche
• Clique sur l'onglet Sweep Options
• Sous What to Sweep tu coches les options suivantes :

Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Décoche Do not Sweep System Restore Folder

• clique sur Sweep Now sur la gauche
• clique sur Start
• quand le scan est terminé, clique sur Next• assure toi que tous les items sont cochés, puis clique sur Next
• Tous les items cochés seront éliminés
• Si SpySweeper veut redémarrer pour terminer le nettoyage : ACCEPTE
• Clique Session Log en haut à droite, et copie tout ce qu'il y a dans la fenêtre
• Clique sur l'onglet Summary, puis clique sur Finish
• Colle enfin

ficko · Answer

re, c'etait long mais je suis arrive quand meme voila le rapport********00:34: |       Start of Session, samedi 7 janvier 2006       |00:34: Spy Sweeper started00:34: Sweep initiated using definitions version 59700:34: Starting Memory Sweep00:36: Memory Sweep Complete, Elapsed Time: 00:02:2800:36: Starting Registry Sweep00:36:   Found Adware: gain - common components00:36:   HKLM\software\microsoft\windows\currentversion\uninstall\{4a840e1e-2ba8-47de-923e-0e00407eb530}\  (10 subtraces) (ID = 126804)00:36:   Found Adware: targetsaver00:36:   HKLM\software\microsoft\windows\currentversion\uninstall	sa\  (2 subtraces) (ID = 143607)00:36:   Found Adware: screenscenes00:36:   HKLM\software\magicwaterfall\  (1 subtraces) (ID = 723755)00:36:   HKLM\software\microsoft\windows\currentversion\uninstall\magicwaterfall\  (3 subtraces) (ID = 723819)00:37:   Found Adware: command00:37:   HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\  (7 subtraces) (ID = 892523)00:37:   Found Adware: dollarrevenue00:37:   HKLM\software\microsoft\drsmartload\  (1 subtraces) (ID = 916795)00:37:   HKLM\system\currentcontrolset\services\cmdservice\  (12 subtraces) (ID = 958670)00:37:   HKLM\system\currentcontrolset\enumoot\legacy_cmdservice\0000\  (6 subtraces) (ID = 1016064)00:37:   HKLM\system\currentcontrolset\enumoot\legacy_cmdservice\  (8 subtraces) (ID = 1016072)00:37:   Found Trojan Horse: trojan-backdoor-haxdoor00:37:   HKLM\software\microsoft\windows nt\currentversion\winlogon
otify\avpe32\  (6 subtraces) (ID = 1035850)00:37:   HKLM\system\currentcontrolset\control\safeboot\minimal\avpe32.sys\  (1 subtraces) (ID = 1035876)00:37:   HKLM\system\currentcontrolset\control\safeboot\minimal\avpe64.sys\  (1 subtraces) (ID = 1035878)00:37:   HKLM\system\currentcontrolset\control\safeboot
etwork\avpe32.sys\  (1 subtraces) (ID = 1035880)00:37:   HKLM\system\currentcontrolset\control\safeboot
etwork\avpe64.sys\  (1 subtraces) (ID = 1035882)00:37:   HKLM\system\currentcontrolset\services\avpe32\  (12 subtraces) (ID = 1035884)00:37:   HKLM\system\currentcontrolset\services\avpe64\  (11 subtraces) (ID = 1035896)00:37:   Found Adware: findthewebsiteyouneed hijacker00:37:   HKU\S-1-5-21-1993962763-1383384898-1343024091-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)00:37:   HKU\S-1-5-21-1993962763-1383384898-1343024091-1003\software\screenscenes\  (27 subtraces) (ID = 723706)00:37:   Found Adware: spysheriff00:37:   HKU\S-1-5-21-1993962763-1383384898-1343024091-1003\software\sno2\ (ID = 782236)00:37: Registry Sweep Complete, Elapsed Time:00:00:0900:37: Starting Cookie Sweep00:37:   Found Spy Cookie: 247realmedia cookie00:37:   dalilou@247realmedia[1].txt (ID = 1953)00:37:   Found Spy Cookie: falkag cookie00:37:   dalilou@as1.falkag[1].txt (ID = 2650)00:37:   Found Spy Cookie: atlas dmt cookie00:37:   dalilou@atdmt[2].txt (ID = 2253)00:37:   Found Spy Cookie: xiti cookie00:37:   dalilou@xiti[1].txt (ID = 3717)00:37: Cookie Sweep Complete, Elapsed Time: 00:00:0000:37: Starting File Sweep00:37:   c:\documents and settings\all users\menu démarrer\programmes\magic waterfall screensaver (5 subtraces) (ID = -2147474219)00:37:   c:\program files\magic waterfall screensaver (6 subtraces) (ID = -2147474142)00:37:   c:\documents and settings\dalilou\local settings	emp\fsg_tmp (ID = -2147480935)00:37:   uninstallmwt.exe (ID = 136830)00:38:   Found Adware: keenvalue/perfectnav00:38:   uninstall.ico (ID = 65001)00:38:   gstartup.lnk (ID = 61450)00:39:   Found Trojan Horse: trojan-backdoor-us15info00:39:   00063635.exe (ID = 183857)00:41:   tsupdate2[1].ini (ID = 193498)00:41:   Found Adware: apropos00:41:   atmtd.dll._ (ID = 166754)00:41:   tsuninst.exe (ID = 193501)00:42:   00063642.exe (ID = 144946)00:42:   atmtd.dll (ID = 166754)00:42:   class-barrel (ID = 78229)00:42:   00063630.dll (ID = 195129)00:43:   installbo-fsg.exe (ID = 155942)00:44:   00063632.exe (ID = 164105)00:45:   vocabulary (ID = 78283)00:45:   00063631.exe (ID = 164105)00:47:   installmw-fsg.exe (ID = 155946)00:48:   00063633.exe (ID = 136786)00:48:   Found Adware: whenu searchbar/pricebandit00:48:   00034512.dll (ID = 127173)00:49:   00063624.exe (ID = 136787)00:49:   00034487.dll (ID = 61424)00:49:   00034497.dll (ID = 61465)00:49:   00034495.dll (ID = 61451)00:49:   00034492.dll (ID = 61441)00:49:   00034496.dll (ID = 61456)00:49:   magic waterfall screensaver.scr (ID = 136818)00:49:   tipb.exe (ID = 64994)00:49:   mw1uninstaller.exe (ID = 136789)00:49:   00034511.exe (ID = 64995)00:50:   00034504.cfg (ID = 61553)00:50:   drsmartload.dat (ID = 198788)00:50:   Found System Monitor: potentially rootkit-masked files00:50:   avpe64.sys (ID = 0)00:50:   qz.sys (ID = 0)00:50:   qz.dll (ID = 0)00:50:   stt82.ini (ID = 0)00:50:   klgcptini.dat (ID = 0)00:50:   Warning: Unhandled Archive Type00:50:   magic waterfall preview.lnk (ID = 136818)00:50: File Sweep Complete, Elapsed Time: 00:13:2100:50: Full Sweep has completed.  Elapsed time 00:16:0400:50: Traces Found: 18300:53: Removal process initiated00:54:   Quarantining All Traces: potentially rootkit-masked files01:07:   Quarantining All Traces: spysheriff01:07:   Quarantining All Traces: trojan-backdoor-haxdoor01:07:   Quarantining All Traces: trojan-backdoor-us15info01:07:   Quarantining All Traces: apropos01:07:   Quarantining All Traces: command01:07:   Quarantining All Traces: dollarrevenue01:07:   Quarantining All Traces: findthewebsiteyouneed hijacker01:07:   Quarantining All Traces: keenvalue/perfectnav01:07:   Quarantining All Traces: targetsaver01:07:   Quarantining All Traces: 247realmedia cookie01:07:   Quarantining All Traces: atlas dmt cookie01:07:   Quarantining All Traces: falkag cookie01:07:   Quarantining All Traces: gain - common components01:07:   Quarantining All Traces: screenscenes01:07:   Quarantining All Traces: whenu searchbar/pricebandit01:07:   Quarantining All Traces: xiti cookie01:07: Removal process completed.  Elapsed time 00:13:57********00:23: |       Start of Session, samedi 7 janvier 2006       |00:23: Spy Sweeper started00:24: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.00:25: Your spyware definitions have been updated.00:29: Memory Shield: Found: Memory-resident threat purityscan, version 1.0.0.000:29: Detected running threat: purityscan00:29: Ignored memory-resident threat: purityscan00:34: |       End of Session, samedi 7 janvier 2006       |j'espere que ca sera fini

Utilisateur anonyme · Answer

ok,redemarre ton pc si tu ne l as pas eteins depuis ce scan et remet un hijack thisa+

ficko · Answer

salut regis malheureusewment je l'ai eteint depuis le dernier scan que tu m'a demande. je viens de le rallumer. je t'envoie quand meme le rapport hijack this.Logfile of HijackThis v1.99.1Scan saved at 13:13:46, on 07/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\ewido anti-malware\ewidoguard.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEC:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeC:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\haesles.exeC:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\MSN Messenger\msnmsgr.exeC:\Hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeO4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startupO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Uahl] "C:\Program Files\haesles.exe" -vt yazrO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exeO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135615952189O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXEO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Utilisateur anonyme · Answer

Salut

Oui tu as bien fait de l eteindre !

Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\Program Files\haes\rles.exe
Clik send et colle le rapport stp

A+

ficko · Answer

salut regis j'ai eu du mal a retrouver ton poste.This is a report processed by VirusTotal on 01/08/2006 at 15:08:04 (CET) after scanning the file "rles.exe" file.Antivirus Version Update Result AntiVir 6.33.0.75 01.06.2006 no virus found Avast 4.6.695.0 01.06.2006 no virus found AVG 718 01.06.2006 no virus found Avira 6.33.0.75 01.06.2006 no virus found BitDefender 7.2 01.08.2006 no virus found CAT-QuickHeal 8.00 01.05.2006 no virus found ClamAV devel-20051123 01.06.2006 no virus found DrWeb 4.33 01.08.2006 no virus found eTrust-Iris 7.1.194.0 01.06.2006 Win32/Clspring.Variant!Trojan eTrust-Vet 12.4.1.0 01.06.2006 Win32/Clspring!generic Ewido 3.5 01.07.2006 no virus found Fortinet 2.54.0.0 01.07.2006 W32/PurityScan.AX!dldr F-Prot 3.16c 01.07.2006 no virus found Ikarus 0.2.59.0 01.05.2006 no virus found Kaspersky 4.0.2.24 01.08.2006 Trojan-Downloader.Win32.PurityScan.ax McAfee 4669 01.06.2006 no virus found NOD32v2 1.1356 01.08.2006 probably a variant of Win32/Adware.MediaTickets  Norman 5.70.10 01.06.2006 no virus found Panda 9.0.0.4 01.08.2006 no virus found Sophos 4.01.0 01.07.2006 no virus found Symantec 8.0 01.08.2006 no virus found TheHacker 5.9.2.069 01.06.2006 no virus found UNA 1.83 01.06.2006 no virus found VBA32 3.10.5 01.06.2006 suspected of Backdoor.Rbot.2 VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español --------------------------------------------------------------------------------www.virustotal.com :: ©Hispasec Sistemas 2004,05 :: e-mail info@virustotal.com

Utilisateur anonyme · Answer

SalutMoi j ai pas de postes, c est TON poste lolFixe ceciO4 - HKCU\..\Run: [Uahl] "C:\Program Files\haes\rles.exe" -vt yazr Supprime:C:\Program Files\haesVide la poubelle !A+

Utilisateur anonyme · Answer

re,me dire ou en sont tes soucisa+

ficko · Answer

re, j'ai redemarre, apparement, le demarrage est lent, il n'y a plus de message spy, mais j'ai toujours la barre menu windowsXP sur la gauche du bureau qui ne part pas :(Gestion de dossier; creer dossier;details; ect...)que faire maintenant de tout les programmes telecharges (smirtfraud, haxfix,et les autres

Utilisateur anonyme · Answer

Une chose en son tempsTon demaragedemarer < executer < tape msconfigonglet demarragedecoche les progs inutiles (msn,apoint, magic, winamp..) et laisse ton antivirus surtoutvalide,il va redemarer, au demarrage si t as un message coche la case ne plus afficher et validea+

Utilisateur anonyme · Answer

Salut topherCe programme n est pas de moi lol. Je vais envoyé un mail a S!ri, il etudieras la questiona+ et merci

Utilisateur anonyme · Answer

Re,tu entends quoi par lent?lol

Utilisateur anonyme · Answer

salutc est quoi la barre bleue que tu me parles? En fait elle est plus en bas mais sur le coté?a+

ficko · Answer

bsr, ca ne change rien il y a encore la barre windows sur tout le cote gauche de l'ecran et puis au demarrage l'ordi est toujours tres lent

Spysheriff

29 réponses

Discussions similaires

Newsletters