Problême publicité intempestive Résolu/Fermé

Question

Bonjour, 

Je suis dans la famille pour les fêtes et ils ont des problèmes de publicité intempestive sur leur ordinateur. Je viens de faire un scan avec HijackThis. Pourriez  s'il vous plait m'aider ?
En vous remerciant par avance.
Pierre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:56, on 23/12/2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\cspep\cspep.exe
C:\Users\ordi\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32undll32.exe
C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\EoRezo\eorezo.exe
C:\Windows\System32\PrintDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SpiderMessenger\SpiderMessenger.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Users\ordi\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\PS2USBKbdDrv.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\MouseDrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nixud.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SpiderMessenger_BHO - {ADE49752-DBBC-43A3-9498-379A82F574BF} - C:\Program Files\SpiderMessenger\SpiderMessenger.BHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: EOBHO - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files\EoRezo\EoRezoBHO.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [eorezo] "C:\Program Files\EoRezo\eorezo.exe"
O4 - HKLM\..\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\ordi\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKLM\..\RunOnce: [cspep.exe] C:\Program Files\cspep\cspep.exe -runonce
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies/\KiesTrayAgent.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SpiderMessenger] "C:\Program Files\SpiderMessenger\SpiderMessenger.exe" -startrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\ordi\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Malekal_morte- · Accepted Answer

Salut, 

Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/  
Mets le à jour, fais un scan, supprime tout et poste le rapport ici.  

puis : 

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/ 

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau. 
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur) 

* Lance OTL 
* Sous Peronnalisation, copie-colle ce qu'il y a dans le cadre ci-dessous : 
netsvcs 
msconfig 
safebootminimal 
safebootnetwork 
activex 
drivers32 
%ALLUSERSPROFILE%Application Data*. 
%ALLUSERSPROFILE%Application Data*.exe /s 
%APPDATA%*. 
%APPDATA%*.exe /s 
%SYSTEMDRIVE%*.exe 
%systemroot%*. /mp /s 
%systemroot%system32*.dll /lockedfiles 
%systemroot%Tasks*.job /lockedfiles 
%systemroot%system32drivers*.sys /lockedfiles 
%systemroot%System32config*.sav 
/md5start 
explorer.exe 
winlogon.exe 
wininit.exe 
/md5stop 
CREATERESTOREPOINT 
* Clique sur le bouton Analyse. 
* Quand le scan est fini, utilise le site http://www.cijoint.fr/ pour me donner les deux rapports : OTL.Txt et Extras.Txt.

label55 · Answer

Merci pour ta réponse rapide. 
Je lance le second et reviens vers toi aprés.
Voila le premier rapport :

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5382

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

23/12/2010 12:33:53
mbam-log-2010-12-23 (12-33-53).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 154190
Temps écoulé: 14 minute(s), 59 seconde(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 52

Processus mémoire infecté(s):
c:\Users\ordi\AppData\Roaming\EoRezo\softwareupdate\softwareupdatehp.exe (Rogue.Eorezo) -> 2884 -> Unloaded process successfully.
c:\program files\EoRezo\eorezo.exe (Rogue.Eorezo) -> 3252 -> Unloaded process successfully.
c:\program files\spidermessenger\spidermessenger.exe (Spyware.AgenceExclusive) -> 3496 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\program files\EoRezo\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\EoAdv\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoEngineBHO.EOBHO.1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoEngineBHO.EOBHO (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoRezoBHO.EoBHO.1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoRezoBHO.EoBHO (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1 (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper (Rogue.Eorezo) -> Value: SoftwareHelper -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Value: eorezo -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpiderMessenger (Spyware.AgenceExclusive) -> Value: SpiderMessenger -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.nixud.com/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\program files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\EoAdv (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\lang (Rogue.Eorezo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Users\ordi\AppData\Roaming\EoRezo\softwareupdate\softwareupdatehp.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\spidermessenger\spidermessenger.exe (Spyware.AgenceExclusive) -> Delete on reboot.
c:\program files\EoRezo\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\EoAdv\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.
c:\Windows\Temp	mp00000001b53138be672df04d (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eoEngine.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_28.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\confmedia.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eomultilanguage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezocomm.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_19.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_22.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_23.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_16.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_18.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_26.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_27.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_29.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_30.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\freeimage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\Host.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\mnginstaller.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins001.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins001.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\user.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\atl90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\mfc90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\microsoft.vc90.atl.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\microsoft.vc90.crt.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\microsoft.vc90.mfc.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\msvcr90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoclock.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoengine.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eonet.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eorezotools.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eosudoku.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoweather.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_en.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_es.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_fr.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_it.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.

KaStoR4L · Answer

Un pti coup de MalwareByte et hop t'es tranquil.

label55 · Answer

voila les fichier generé par OTL :
otl.txt :
http://www.cijoint.fr/cjlink.php?file=cj201012/cijUkNQgLM.txt 
extra.txt :
http://www.cijoint.fr/cjlink.php?file=cj201012/cijnZrWAZy.txt 

merci pour ton aide
Pierre

KaStoR4L · Answer

Bravo la politesse !

Tigzy · Answer

Je laisse Malekal te répondre, mais tu peux d'or et déjà désinstaller :
FF - HKLM\software\mozilla\Firefox\Extensions\SpiderMessengerHelper@spidermessenger.com: C:\Program Files\SpiderMessenger [2010/12/23 12:44:03 | 000,000,000 | ---D | M]

Malekal_morte- · Answer

Ca sent le PC des parents pas entretenu ça :)   

Pour info à propos d'EoRezo :   
Tu as installé des programmes EoRezo, sais-tu que le service transmet certaines informations ? comme par exemple ton adresse, numéro de télephone qui ont été saisis lors de l'inscription ?   
EoRezo modifie aussi ta page de démarrge vers lo.st, il se peux aussi que ce site transmettent certaines informations.   

Pour plus d'informations se reporter à cette page : https://forum.malekal.com/viewtopic.php?t=18245&start=   

Si tu souhaites désinstaller, les programmes EoRezo, vas dans ajout/suppression de programmes du panneau de configuration puis désinstalle les programmes commençant par Eo et Software Update.   

Change ta page de démarrage : Dans Internet Explorer : Menu Outils puis Options Internet et tu changes ta page de démarrage.   


~~   

SoftwareUpdateà désinstaller ça fait parti d'EoRezo - à supprimer ensuite :   
C:\Users\ordi\AppData\Roaming\EoRezo\install.exe   
C:\Users\ordi\AppData\Roaming\EoRezo\SoftwareUpdate\   

Yahoo/Google/Windows Live Toolbar, ça fait triplons et ça sert pas à grand chose (à part te faire utiliser leur service), ça ralenti le PC voir ça peux faire planter le navigateur WEB.   

Surtout que :   

767,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 28,00% Memory free   

Déjà que 768 Mo de RAM, c'est un peu juste pour Vista.
Trop de programmes au démarrage...   
Désinstalle tous les programmes qui sont pas utilisés ou inutiles.   

~~~   

Y a des restes de Symantec/Norton : http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20050414110429924   

~~~   

Avast! est pas à jour, c'est la 4 alors que la 5 est sortie et protège bcp mieux !   

~~   

Ton Windows n'est pas à jour, il contient des failles de sécurités, les virus passent par ces failles pour infecter ton ordinateur.   
Ton Windows est donc vulnérable et peut permettre l'infection de ton PC.   

Pour plus d'informations sur les failles de sécurités distantes, lire l'article suivant : https://forum.malekal.com/viewtopic.php?t=3452&start=   

Installe le Service Pack 1 de Windows Vista : http://www.microsoft.com/downloads/fr-fr/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674   

puis :   

Installe le Service Pack 2 de Windows Vista : http://www.microsoft.com/downloads/details.aspx?displaylang=fr&familyid=a4dd31d5-f907-4406-9012-a5c3199ea2b3   

Fais les mises à jour Windows Update ensuite, voir : https://www.malekal.com/mises-a-jour-windows-update/   

~~   

Poste un rapport HijackThis quand tu as fait tout ça.   

Remember when you were young, you shone like the sun.   
Shine on you crazy diamond.   
Now there's a look in your eyes, like black holes in the sky.   
Shine on you crazy diamond.

label55 · Answer

Malekal_morte, effectivement cet ordinateur est mal (pas) entretenue.
Je te remercie pour l'aide que tu m'apportes.
Je dois partir (500km a faire) j'ai lancé les téléchargement des packs. Il seront installé quand il seront téléchargés...
J'ai mis a jour avast, supprimé des logiciel au démarrage...

En tout cas merci beaucoup pour l'aide que tu m'as apporté. J'espere que ce que j'ai déja fait aura été utile.

Bien cordialement
Pierre

Malekal_morte- · Answer

bon voyage et bonnes fetes :)

Problême publicité intempestive

9 réponses

Discussions similaires