Trojan.Agent.anr,Trojan.BHO.bh etc..revien tt Résolu/Fermé

Question

Mon antivirus, AVG anti-spyware 7.5 me les decouvre en tou temps en plus de virtumonde....le message me demandant si je le netoie et le met en quarantaine m'apparait du genre 10 fois d'affiler chacun....

Scan avec vundo....il reste un dll que je ne peu suprimer...meme apres un reboot systeme(mljkige.dll)....et windows a bloquer 2 svchost.exe ( doc il n'on surement pas d'affaire sur mon ordinateur.....)

scan hijackthis....
Logfile of HijackThis v1.99.1
Scan saved at 13:36:38, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32undll32.exe
E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Samuel Moreau\Bureau\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1c6c0710-aae7-4ace-aa71-414d3af4c2c3} - C:\WINDOWS\system32\cnetcrc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {C9905EF0-610F-4404-9030-A3F345D069F5} - (no file)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32	mp4.tmp.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\kheecb.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files 2\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Auto Detect.lnk = E:\Program Files 2\iConcepts Music Express\MEAutoDetect.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142KNCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://craziestcreature.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljkige.dll
O20 - Winlogon Notify: cnetcrc - C:\WINDOWS\SYSTEM32\cnetcrc.dll
O20 - Winlogon Notify: scecp50 - scecp50.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

merci de l'aide que vous pouvez me donner!

FillPCA · Answer

Bonsoir,

# Télécharge Vundofix  (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4
# Double-clique VundoFix.exe afin de le lancer.
# Clique sur le bouton Scan for Vundo.
# Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés).
# Une invite te demandera si tu veux supprimer les fichiers, clique YES.
# Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
# Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
# Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

FillPCA

loverskater · Answer

J'ai deja faite se scan....il ma suprimé environ 5 dll mais un persite....

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 21:19:25 07/06/2007

Listing files found while scanning....

C:\WINDOWS\jlkklm.ini
C:\WINDOWS\mlkklj.dll
C:\WINDOWS\SYSTEM32\mljkige.dll
C:\WINDOWS\system32	mp1A.tmp.dll
C:\WINDOWS\system32	mpE.tmp.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\jlkklm.ini
C:\WINDOWS\jlkklm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\mlkklj.dll
C:\WINDOWS\mlkklj.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\mljkige.dll
C:\WINDOWS\SYSTEM32\mljkige.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	mp1A.tmp.dll
C:\WINDOWS\system32	mp1A.tmp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	mpE.tmp.dll
C:\WINDOWS\system32	mpE.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\SYSTEM32\mljkige.dll
C:\WINDOWS\SYSTEM32\mljkige.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 22:18:23 07/06/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\mljkige.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\SYSTEM32\mljkige.dll
C:\WINDOWS\SYSTEM32\mljkige.dll Could not be deleted.

Performing Repairs to the registry.
Done!

comme tu le vois mljkige.dll persite (jai redemarer 4 fois ak le scan de vundo pour essayer de l'enlever...rien a faire.....

donc si tu veux je refais un autre scan hijackthis...

Logfile of HijackThis v1.99.1
Scan saved at 16:12:51, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Samuel Moreau\Bureau\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1c6c0710-aae7-4ace-aa71-414d3af4c2c3} - C:\WINDOWS\system32\cnetcrc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {C9905EF0-610F-4404-9030-A3F345D069F5} - (no file)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32	mp4.tmp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\kheecb.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files 2\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Auto Detect.lnk = E:\Program Files 2\iConcepts Music Express\MEAutoDetect.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142KNCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://craziestcreature.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljkige.dll
O20 - Winlogon Notify: cnetcrc - C:\WINDOWS\SYSTEM32\cnetcrc.dll
O20 - Winlogon Notify: scecp50 - scecp50.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

question:
Jai remarquer O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe parce que spybot a detecter un vrus du nom de svchost.exe (je sais quil est un programme oubligatoire pour windows....) mais il me disait que se virus se faisait passer pour un programe windows..en fin de compte setais un vers qui essayaie de me voler de l'information...donc devrais-je le fixer??????

merci de ton aide FillPAC

FillPCA · Answer

Re,

Ton PC est en effet très infecté, mais on va y arriver.

Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Clique sur le menu Démarrer puis executer et copie/colle ceci : 
"%userprofile%\Bureau\combofix.exe" /v  cnetcrc mljkige
puis clique sur OK.

Edite le rapport Combofix et un nouveau rapport Hijackthis.

FillPCA

loverskater · Answer

Tu es tres gentil de m'aider....(mon pc est pas tres fort alors...je ne veux pas perdre plus de ram a cause de virus!)

[code]
1999-05-05 22:22      28672    --a------    C:\Qoobox\Quarantine\C\WINDOWS\start.exe.vir
2007-06-02 16:16      106424    --a------    C:\Qoobox\Quarantine\C\WINDOWS\iifcaa.dll.vir
2007-06-02 16:17      1994842    --a------    C:\Qoobox\Quarantine\C\WINDOWS\aacfii.ini.vir
2007-06-02 16:29      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mp8.tmp.dll.vir
2007-06-03 13:13      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mp2.tmp.dll.vir
2007-06-03 13:29      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mp9.tmp.dll.vir
2007-06-03 13:44      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mpD.tmp.dll.vir
2007-06-03 13:45      106455    --a------    C:\Qoobox\Quarantine\C\WINDOWS\xxvvwu.dll.vir
2007-06-03 13:45      295    --a------    C:\Qoobox\Quarantine\C\WINDOWS\uwvvxx.ini.vir
2007-06-03 13:55      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mp15.tmp.dll.vir
2007-06-07 22:51      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mp5.tmp.dll.vir
2007-06-07 23:05      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mp18.tmp.dll.vir
2007-06-09 13:24      39124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32	mp4.tmp.dll.vir

Scan de Combofix

Structure du dossier
Le num‚ro de s‚rie du volume est 063C-0EF4
C:\QOOBOX
\---Quarantine
    +---Registry_backups
    \---C
        +---WINDOWS
        |   |   start.exe.vir
        |   |   iifcaa.dll.vir
        |   |   xxvvwu.dll.vir
        |   |   aacfii.ini.vir
        |   |   uwvvxx.ini.vir
        |   |   
        |   \---SYSTEM32
        |           tmp5.tmp.dll.vir
        |           tmp2.tmp.dll.vir
        |           tmp8.tmp.dll.vir
        |           tmp9.tmp.dll.vir
        |           tmpD.tmp.dll.vir
        |           tmp15.tmp.dll.vir
        |           tmp18.tmp.dll.vir
        |           tmp4.tmp.dll.vir
        |           
        \---avenger
[/code]


Logfile of HijackThis v1.99.1
Scan saved at 15:16, on 2007-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\ComboFix\catchme.cfexe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Samuel Moreau\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1c6c0710-aae7-4ace-aa71-414d3af4c2c3} - C:\WINDOWS\system32\cnetcrc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {C9905EF0-610F-4404-9030-A3F345D069F5} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files 2\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Auto Detect.lnk = E:\Program Files 2\iConcepts Music Express\MEAutoDetect.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142KNCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://craziestcreature.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljkige.dll
O20 - Winlogon Notify: cnetcrc - C:\WINDOWS\SYSTEM32\cnetcrc.dll
O20 - Winlogon Notify: scecp50 - scecp50.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

(J'ai une question, apres que mon ordinateur est démarrer, il m'apparait un message me disant:
Rundll
Erreur kheeb.dll
le module spécifié est introuvable

Pourait tu m'expliquer qu'est ce que kheeb.dll (pour ma culture personnel)

Merci beaucoup!!!

FillPCA · Answer

Re,
Il est possible que l'infection désactive le pare-feu.
Edite un nouveau rapport Hijackthis. Je veux être certain d'avoir un rapport récent.

FillPCA

loverskater · Answer

ok pas de probleme

Logfile of HijackThis v1.99.1
Scan saved at 17:49, on 2007-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\ComboFix\catchme.cfexe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Samuel Moreau\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1c6c0710-aae7-4ace-aa71-414d3af4c2c3} - C:\WINDOWS\system32\cnetcrc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {C9905EF0-610F-4404-9030-A3F345D069F5} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files 2\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Auto Detect.lnk = E:\Program Files 2\iConcepts Music Express\MEAutoDetect.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142KNCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://craziestcreature.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljkige.dll
O20 - Winlogon Notify: cnetcrc - C:\WINDOWS\SYSTEM32\cnetcrc.dll
O20 - Winlogon Notify: scecp50 - scecp50.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

FillPCA · Answer

Re,
1) Ton horloge n'est pas à l'heure sur le PC ?

2)     *  Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
          o afficher les fichiers et dossiers cachés,
          o décocher "masquer les extensions des fichiers dont le type est connu",
          o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

3)     *  Peux-tu tester ceci : c:\windows\system32\mljkige.dll
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

Recommence avec ceci : C:\WINDOWS\SYSTEM32\cnetcrc.dll

4)     *  Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

FillPCA

loverskater · Answer

mljkige.dll 0 bytes size received / Se ha recibido un archivo vacio Service is stopped in this moments. Scanning of your sample has not been finalized and results has been lost. If you wish to scan it, please send it again. Antivirus Version Update Result AhnLab-V3 2007.6.9.0 06.08.2007 no virus found AntiVir 7.4.0.32 06.09.2007 no virus found Authentium 4.93.8 05.23.2007 no virus found Avast 4.7.997.0 06.09.2007 no virus found AVG 7.5.0.467 06.10.2007 no virus found Aditional Information File size: 37370 bytes MD5: 72124ebc4b16b2cc442d27e4a5e6ef26 SHA1: 6d825d76a1b7cf4ba7ab73039ba35804640f0fc1 Le scan arrive dans pas long ak SReng [CODE] 2007-06-10,18:14:40 System Repair Engineer 2.4.12.806 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] <"E:\Program Files 2\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [(Verified)ALWIL Software] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [NVIDIA Corporation] <"E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [Anti-Malware Development a.s.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cnetcrc] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\scecp50] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] ================================== Startup Folders [Microsoft Office] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]> [Auto Detect] E:\PROGRA~1\ICONCE~1\MEAUTO~1.EXE []> ================================== Services [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]

[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"> [NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start] ================================== Drivers [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\E:\Program Files 2\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]

[GTNDIS5 NDIS Protocol Driver / GTNDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\GTNDIS5.SYS> [nv / nv][Running/Manual Start] [Padus ASPI Shell / pfc][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [Linksys Wireless-G PCI Adapter Driver(RT61) / RT61][Running/Manual Start] [S3SAVAGE4M / S3SAVAGE4M][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start] <\SystemRoot\System32\drivers\sfdrv01.sys> [StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start] <\SystemRoot\System32\drivers\sfhlp02.sys> [StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start] <\SystemRoot\System32\drivers\sfvfs02.sys> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [TSP / TSP][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\klif.sys> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> ================================== Browser Add-ons [] {1c6c0710-aae7-4ace-aa71-414d3af4c2c3} [] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} [Java Plug-in 1.5.0_11] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [YInstStarter Class] {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [Info Class] {68BCE50A-DC9B-4519-A118-6FDA19DB450D} [Java Plug-in 1.5.0_11] {8AD9C840-044E-11D1-B3E9-00805F499D93} [MessengerStatsClient Class] {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [Java Plug-in 1.5.0_08] {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [Java Plug-in 1.5.0_09] {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [Java Plug-in 1.5.0_11] {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [Java Plug-in 1.5.0_11] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HGPlugin9USA Class] {CD995117-98E5-4169-9920-6C12D4C0B548} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Microsoft Outlook] {0006F033-0000-0000-C000-000000000046} <, N/A> [Microsoft Outlook] {0006F03A-0000-0000-C000-000000000046} <, N/A> [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A> [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [] {1C6C0710-AAE7-4ACE-AA71-414D3AF4C2C3} [Shockwave ActiveX Control] {233C1507-6A77-46A4-9443-F871F945D258} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [] {53707962-6F74-2D53-2644-206D7942484F} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [VIDEO__MPEG Moniker Class] {CD3AFA89-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [HGPlugin9USA Class] {CD995117-98E5-4169-9920-6C12D4C0B548} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [OfficeObj Class] {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A> [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A> [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A> [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [&Search] ================================== Running Processes [PID: 324][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 376][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 400][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\cnetcrc.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 444][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 456][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 604][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 648][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 684][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [PID: 732][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 784][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [PID: 908][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0] [PID: 956][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 997, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 997, 0] [PID: 1148][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\WINDOWS\system32\cnetcrc.dll] [N/A, ] [E:\Program Files 2\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vwddi.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vcpl.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vshell.dll] [NVIDIA Corporation, 6.14.10.6121] [E:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0] [C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.110.3] [C:\ComboFix\catchme.cfexe] [N/A, ] [PID: 2284][C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.110.3] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [PID: 2324][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 997, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 997, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 997, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 997, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 997, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 997, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 997, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 997, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 997, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 997, 0] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vwddi.dll] [NVIDIA Corporation, 6.14.10.6121] [PID: 2576][C:\WINDOWS\Mixer.exe] [C-Media Electronic Inc. (www.cmedia.com.tw), 1.58] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\System32\cmnprop.dll] [C-Media Corporation, 5.00.2195.12] [PID: 2588][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 6.5] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vwddi.dll] [NVIDIA Corporation, 6.14.10.6121] [PID: 2772][C:\WINDOWS\system32 undll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vwddi.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vshell.dll] [NVIDIA Corporation, 6.14.10.6121] [PID: 2948][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [PID: 872][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.4: 2007051502] [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\Mozilla Firefox spr4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.4: 2007051502] [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox ss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.4: 2007051502] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.4: 2007051502] [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.4: 2007051502] [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.4: 2007051502] [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox ssckbi.dll] [Mozilla Foundation, 1.62] [C:\WINDOWS\system32 vwddi.dll] [NVIDIA Corporation, 6.14.10.6121] [E:\Program Files 2\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [PID: 1376][C:\Documents and Settings\Samuel Moreau\Bureau\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)] [C:\WINDOWS\system32 view.dll] [NVIDIA Corporation, 6.14.10.6121] [C:\WINDOWS\system32 vwddi.dll] [NVIDIA Corporation, 6.14.10.6121] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== API HOOK N/A ================================== Hidden Process N/A ================================== [/CODE] Question SREng serait po un hijackthis version plus complete????

FillPCA · Answer

Re,
Tu n'as pas attendu assez longtemps pour virustotal. Il doit y avoir beaucoup plus de résultats.

FillPCA

loverskater · Answer

Tu avais raison:

Complete scanning result of "cnetcrc.dll_", received in VirusTotal at 06.12.2007, 23:01:40 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.12.2	06.12.2007	no virus found
AntiVir	7.4.0.32	06.12.2007	TR/Agent.37420
Authentium	4.93.8	06.12.2007	no virus found
Avast	4.7.997.0	06.12.2007	no virus found
AVG	7.5.0.467	06.12.2007	no virus found
BitDefender	7.2	06.12.2007	no virus found
CAT-QuickHeal	9.00	06.12.2007	no virus found
ClamAV	devel-20070416	06.12.2007	no virus found
DrWeb	4.33	06.12.2007	no virus found
eSafe	7.0.15.0	06.12.2007	no virus found
eTrust-Vet	30.7.3714	06.12.2007	no virus found
Ewido	4.0	06.12.2007	no virus found
FileAdvisor	1	06.12.2007	no virus found
Fortinet	2.85.0.0	06.12.2007	no virus found
F-Prot	4.3.2.48	06.12.2007	no virus found
F-Secure	6.70.13030.0	06.12.2007	no virus found
Ikarus	T3.1.1.8	06.12.2007	AdWare.Win32.Virtumonde.ke
Kaspersky	4.0.2.24	06.12.2007	no virus found
McAfee	5051	06.12.2007	no virus found
Microsoft	1.2503	06.12.2007	no virus found
NOD32v2	2325	06.12.2007	no virus found
Norman	5.80.02	06.12.2007	no virus found
Panda	9.0.0.4	06.12.2007	Spyware/DuncanMonitor
Prevx1	V2	06.12.2007	no virus found
Sophos	4.18.0	06.12.2007	no virus found
Sunbelt	2.2.907.0	06.09.2007	VIPRE.Suspicious
Symantec	10	06.12.2007	no virus found
TheHacker	6.1.6.132	06.11.2007	no virus found
VBA32	3.12.0.1	06.12.2007	AdWare.Win32.Virtumonde.ke
VirusBuster	4.3.23:9	06.12.2007	no virus found
Webwasher-Gateway	6.0.1	06.12.2007	Trojan.Agent.37420

J'ai essayer avec C:\WINDOWS\SYSTEM32\mljkige.dll mais sa ne pmarche pas.... 

mljkige.dll
0 bytes size received / Se ha recibido un archivo vacio 

Merci encore!
___......---^^^www.memberofgravitypkteam.com^^^---......___
Le québec c la place que jai choisi, its the place to be, Fier de mon coin que jappele mon pays!

FillPCA · Answer

Bonjour,

1. Télécharger The Avenger par Swandog46 sur votre Bureau.
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
·	Click sur Avenger.zip pour ouvrir le fichier
·	Extraire avenger.exe sur votre bureau

2. Copier tout le texte de la boîte ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):


Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c6c0710-aae7-4ace-aa71-414d3af4c2c3}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cnetcrc
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\scecp50

Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs

Files to delete:
C:\windows\system32\mljkige.dll
C:\windows\system32\cnetcrc.dll

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

3. Maintenant, lancer The Avenger en cliquant sur son icône du bureau.
·	Sous "Script file to execute" choisir "Input Script Manually".
·	Puis cliquer sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
·	Dans cette fenêtre, coller le texte précedemment copié sur le bureau par les touches (Ctrl+V).
·	Cliquer Done
·	ensuite cliquer sur l'icône en forme de Feu Vert pour démarrer l'exécution du script
·	Répondre "Yes" deux fois quand demandé.
4. The Avenger va automatiquement faire ce qui suit:
·	Il va Re-démarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger re-démarrera votre système 2 fois.)
·	Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur votre bureau, ceci est NORMAL.
·	Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
·	The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici C:\avenger\backup.zip.
5. Pour finir copier/coller le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau log HijackThis en utilisant REPONDRE

FillPCA

loverskater · Answer

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\^fhfufmc

*******************

Script file located at: \??\C:\WINDOWS\pxsiqewt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\windows\system32\mljkige.dll not found!
Deletion of file C:\windows\system32\mljkige.dll failed!

Could not process line:
C:\windows\system32\mljkige.dll
Status: 0xc0000034

File C:\windows\system32\cnetcrc.dll deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c6c0710-aae7-4ace-aa71-414d3af4c2c3} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cnetcrc deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\scecp50 deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished!  Terminate.

FillPCA · Answer

Salut,
Peux-tu éditer un rapport Hijackthis s'il te plait ?

FillPCA

loverskater · Answer

Le voici:

Logfile of HijackThis v1.99.1
Scan saved at 18:45, on 2007-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Samuel Moreau\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {C9905EF0-610F-4404-9030-A3F345D069F5} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files 2\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Auto Detect.lnk = E:\Program Files 2\iConcepts Music Express\MEAutoDetect.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142KNCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://craziestcreature.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

loverskater · Answer

Y'a t'il encore des problèmes?

FillPCA · Answer

Bonjour,

Ca se termine : une ligne infectieuse encore et une vérification.

1)     *  Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

    * Télécharge Brute Force Uninstaller (de Merijn) : http://www.merijn.org/files/bfu.zip
    * Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU).
    * Fais un clic droit ici : http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger toolbar.bfu (de Chercheur). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : toolbar.bfu et BFU.exe (très important).
    * Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
    * Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
          o Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : toolbar.bfu 
          o Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU	oolbar.bfu 
          o Clique sur Execute et laisse-le faire son travail.
          o Attendre que Complete script execution apparaîsse et clique sur OK.
          o Clique Exit pour fermer le programme BFU.
    * Redémarre normalement.

2)     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système (Poste de travail).
    * Sauvegarde le rapport en mode texte à l'issue du scan.

3) Edite le rapport Kaspersky avec un rapport Hijackthis.

FillPCA

loverskater · Answer

D:\ E:\ F:\ Scan Statistics Total number of scanned objects 43769 Number of viruses found 6 Number of infected objects 18 Number of suspicious objects 0 Duration of the scan process 02:00:08 Infected Object Name Virus Name Last Action C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped C:\WINDOWS\SYSTEM32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\SYSTEM32\CatRoot2 mp.edb Object is locked skipped C:\WINDOWS\SYSTEM32\CatRoot2\edbtmp.log Object is locked skipped C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped C:\WINDOWS\SYSTEM32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS\TEMP\Perflib_Perfdata_3b8.dat Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\SchedLog.Txt Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA eport\Protection résidente.txt Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log shield.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped C:\VundoFix Backups\mljkige.dll.bad Infected: Trojan.Win32.Agent.bi skipped C:\VundoFix Backups mpE.tmp.dll.bad Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mp5.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mp2.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mp8.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mp9.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mpD.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mp15.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mp18.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32 mp4.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\Documents and Settings\NetworkService tuser.dat Object is locked skipped C:\Documents and Settings\NetworkService tuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService tuser.dat Object is locked skipped C:\Documents and Settings\LocalService tuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Samuel Moreau tuser.dat Object is locked skipped C:\Documents and Settings\Samuel Moreau tuser.dat.LOG Object is locked skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\5FPJ6S9E auj[1] Infected: Trojan.Win32.BHO.g skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\3YXAF5ZB auj[1] Infected: Trojan.Win32.BHO.g skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\3YXAF5ZB\ffa_dn[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\0BJXUHYN\koocwolla_20070601[1] Infected: Trojan.Win32.Agent.anr skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Samuel Moreau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Samuel Moreau\Bureau\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped C:\Documents and Settings\Samuel Moreau\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Samuel Moreau\Application Data mp1C.tmp.exe Infected: Trojan.Win32.Agent.agv skipped C:\Documents and Settings\Samuel Moreau\Application Data mpB.tmp.exe Infected: Trojan.Win32.Agent.agv skipped E:\Program Files 2\SDFix\backups mp2.tmp.dll Infected: Trojan.Win32.BHO.g skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 00:56, on 2007-06-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\Mixer.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32 undll32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Samuel Moreau\Bureau\Scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {C9905EF0-610F-4404-9030-A3F345D069F5} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files 2\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files 2\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Auto Detect.lnk = E:\Program Files 2\iConcepts Music Express\MEAutoDetect.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cnetcrc.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://craziestcreature.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Unknown owner - E:\Program Files 2\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe Question: comment je pourais effacer les <> des antivirus pour faire en sorte qu'ils ne se contredisent pas.....(a chaque fois, je crois que mon ordinateur est infecter, mais c'est des backup des autres antivirus.....(est-ce que je devrais les effacer a la main???)

FillPCA · Answer

Bonjour,

Ca se termine en effet. Pour les backups, on va s'en chercher, mais il reste des petites choses non traitées.

Installe Hijackthis dans un répertoire dédié comme C:\HJT par exemple.

1)     *  Télécharge OTMoveIt  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

C:\Documents and Settings\Samuel Moreau\Application Data	mpB.tmp.exe
C:\Documents and Settings\Samuel Moreau\Application Data	mp1C.tmp.exe
E:\Program Files 2\SDFix

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

2) Ouvre Hijackthis>"Do a scan only" et coche ceci :
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: (no name) - {C9905EF0-610F-4404-9030-A3F345D069F5} - (no file) 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE 

Clique sur fix/réparer.

3) Ouvre OTMoveIt et clique sur "clean up !". Si ton pare-feu se manifeste, accepte. Vide la corbeille.

4) Télécharge et installe Ccleaner :
https://www.ccleaner.com/download

Installe-le (pour Ccleaner, il faut décocher la toolbar Yahoo !). 

Clique "analyse" puis "lancer le nettoyage".

5) Lance AVG Anti-Spyware
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

6) Edite le rapport AVGantispyware.

7) As-tu encore des soucis ? Sinon, je te donne les derniers conseils.

FillPCA

loverskater · Answer

hem...O4 - HKLM\..\Run: [nwiz] nwiz.exe /install  ceci est un programme qui est avec ma carte graphique....donc est ce que je le dinsinstalle vraiment???? (rechercher google....)

loverskater · Answer

C:\Documents and Settings\Samuel Moreau\Application Data	mpB.tmp.exe moved successfully.
C:\Documents and Settings\Samuel Moreau\Application Data	mp1C.tmp.exe moved successfully.
Folder move failed. E:\Program Files 2\SDFix\HOSTS scheduled to be moved on reboot.
E:\Program Files 2\SDFix\backups moved successfully.
E:\Program Files 2\SDFix\backupreg moved successfully.
E:\Program Files 2\SDFix moved successfully.
 
Created on 06-16-2007 12:27:33

Non je n'ai plus aucun souci,    Merci encore tu a été tres gentil de m'aider, le scan avec AGV 7.5 s'en vien ce soir ou demain matin ;)

merci

FillPCA · Answer

Bonjour,

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Cette ligne n'est pas indispensable au démarrage. Tu peux toutefois la laisser si tu le préfères.

FillPCA

loverskater · Answer

Encore ces trojan =(

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	12:13 2007-06-17

 + Résultat de l'analyse:	



C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\3YXAF5ZB\ffa_dn[1] -> Trojan.Agent.agv : Aucune action entreprise.
C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\0BJXUHYN\koocwolla_20070601[1] -> Trojan.Agent.anr : Aucune action entreprise.
C:\VundoFix Backups\mljkige.dll.bad -> Trojan.Agent.bi : Aucune action entreprise.
C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\3YXAF5ZB
auj[1] -> Trojan.BHO.g : Aucune action entreprise.
C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\5FPJ6S9E
auj[1] -> Trojan.BHO.g : Aucune action entreprise.


Fin du rapport

FillPCA · Answer

Bonjour,

Tu as mal utilisé AVGantispyware car il est écrit ceci : Aucune action entreprise. 
1) 

        * Lance OTmoveIT.
        * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).
          NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.
        * Une liste apparaît dans la partie gauche d'OTmoveIT.
        * Un message apparaît pour confirmer le nettoyage. Confirme.
        * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi..

2) As-tu utilisé Ccleaner ? Ouvre de nouveau Ccleaner, clique sur "analyse" puis "lancer le nettoyage".
3) On recommence avec AVGantispyware. Suis bien les étapes :
Lance AVG Anti-Spyware
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

Edite ce rapport.

FillPCA

loverskater · Answer

--------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 18:38 2007-06-18 + Résultat de l'analyse: C:\Recycled\Dc38\mljkige.dll.bad -> Trojan.Agent.bi : Nettoyé. C:\Documents and Settings\Samuel Moreau\Local Settings\Temporary Internet Files\Content.IE5\5FPJ6S9E auj[1] -> Trojan.BHO.g : Nettoyé. Fin du rapport Dsl, je suis un peu lent a repondre....mais je suis vraiment débordé ces temps si.... Bon coté ordinateur je n'ai plus de souci, plus de pop-up, mon ordinateur <> plus vite, mais comme c'est un pentium III, 600 Mgh (je ne sais pas si je lai écrit correctement lol) elle n'est pas très rapide, alors sa fais une grosse différence! Encore merci, si tu veut que je peux poster un log hijackthis?!

FillPCA · Answer

Bonjour,

A priori, c'est tout bon.

1) Tu peux supprimer les outils utilisés (sauf Ccleaner et AVGantispyware) et vider ta corbeille.
2) Tu dois désactiver la restauration système. Pour cela, fais un clic droit sur « poste de travail ». Dans l’onglet « restauration du système », coche la case « désactiver la restauration système ». Clique sur OK>appliquer.

Décoche cette case, clique sur appliquer>OK et redémarre le PC.

3) Il te faut un firewall car tu n'en as pas. Certains produits gratuits sont efficaces (Outpost, Zone alarm, Kerio etc...)

Si tu n'as plus de problème, tu peux marquer ton sujet en cliquant sur "résolu".

Bon surf !

FillPCA

loverskater · Answer

Merci encore de m'avoir aider, jepeux maintenant <> en paix. J'ai essayer out post, mais il a fait <> mes jeux online alors je vais essayer kerio!

FillPCA · Answer

Salut,

content d'avoir pu t'aider.

FillPCA

Trojan.Agent.anr,Trojan.BHO.bh etc..revien tt

27 réponses

Discussions similaires