INFECTED BY TROJAN CONHOOK AND VIRTUMONDE

xavax2 Posts: 3 Status: Member -  
 Anonymous user -
Hi, BitDefender found 2 trojans on my machine:
win32/virtumonde.M
win32/conhook.C
(before, there was also win32/fotomoto.A, but it no longer seems to be there)
I'm posting the HijackThis log in the hope that you can give me a hand, thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:35:32, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Micro Application\9 Dictionnaires Utiles\MediaDICO9Ut.EXE
C:\Program Files\Micro Application\9 Dictionnaires Utiles\Rac9Ut.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\winbbs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Xav'\Local Settings\Temporary Internet Files\Content.IE5\HHYMYLG3\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\ddcawxy.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [chcenter] C:\Program Files\IMSI\HiJaak Image Manager 1.5\Capture\chcenter.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MediaDICO9Ut] C:\Program Files\Micro Application\9 Dictionnaires Utiles\LanceMediaDICO9Ut.exe Lancement
O4 - HKCU\..\Run: [SPYWAREREMOVER] C:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\SpyRem.exe /STARTUP
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xavax2.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.aprr.fr/fr/preparation_au_voyage/temps_reel/webcams
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Filter hijack: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
O20 - Winlogon Notify: byxuuur - byxuuur.dll (file missing)
O20 - Winlogon Notify: ddcawxy - C:\WINDOWS\SYSTEM32\ddcawxy.dll
O20 - Winlogon Notify: xxyawwx - xxyawwx.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Reload Browse - {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} - C:\WINDOWS\system32\svchosts.dll (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 13053 bytes

Configuration: Windows XP
Internet Explorer 7.0

5 replies

Anonymous user
 
Hello

Uninstall this "program", which is a rogue (a piece of junk): BPS Spyware & Adware Remover

¤ Click "Start", "Run", and type: services.msc
Find each of the lines below in the list, right-click it, choose "Properties" and set it to "Disabled"

- Microsoft Genuine Advantage
- Google Updater Service
- NVIDIA Display Driver Service

¤ Download process xp here:
http://download.sysinternals.com/Files/ProcessExplorer.zip

Disconnect from the internet and close all running programs.

Unzip process xp and double-click processxp.exe

¤ In the main process xp window, double-click winlogon.exe (on the left)
In the new window that opens, click the "threads" tab
Select only the lines that contain the infected DLL: ddcawxy.dll
Select the infected line, then click "kill" for each infected line found.
Once done, confirm with "ok"

¤ In the main process xp window, double-click "explorer.exe"
In the new window that opens, click the "threads" tab
Select only the lines that contain the infected DLL: ddcawxy.dll
Select the line, then click "kill" for each infected line found.
Once done, confirm with "ok"

¤ Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\ddcawxy.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [chcenter] C:\Program Files\IMSI\HiJaak Image Manager 1.5\Capture\chcenter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

+ all the O16 entries

O18 - Filter hijack: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
O20 - Winlogon Notify: byxuuur - byxuuur.dll (file missing)
O20 - Winlogon Notify: ddcawxy - C:\WINDOWS\SYSTEM32\ddcawxy.dll
O20 - Winlogon Notify: xxyawwx - xxyawwx.dll (file missing)

¤ Click Start, Search, All files and folders, then search for and delete, if present:

- hlwin.dll
- xxyawwx.dll
- byxuuur.dll
- winmga.exe
- ddcawxy.dll

**If a file/folder cannot be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a moment.
Then delete the files/folders, empty your Recycle Bin and restart your PC normally.

¤ Download and install AVG Anti-Spyware, and update it
Run a full scan of your system.
As soon as it has finished, if it finds spyware, delete it. Save the report and paste it here, please

Download and tutorial on this page:
--> http://redir.fr/gsel
0
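A way to triage the DLL-loading sections of a HijackThis log like the one in this thread, added here as an example and not part of any post. The choice of sections, the function names and the heuristics are assumptions of this example; the sample lines are an excerpt of the log posted above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Excerpt of the HijackThis log posted in this thread (lines copied as-is).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\ddcawxy.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Filter hijack: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
O20 - Winlogon Notify: byxuuur - byxuuur.dll (file missing)
O20 - Winlogon Notify: ddcawxy - C:\WINDOWS\SYSTEM32\ddcawxy.dll
O20 - Winlogon Notify: xxyawwx - xxyawwx.dll (file missing)
O22 - SharedTaskScheduler: Reload Browse - {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} - C:\WINDOWS\system32\svchosts.dll (file missing)
"""

# Sections whose last " - " field is the module loaded into another process
# (BHO, toolbar, protocol filter, Winlogon Notify, SharedTaskScheduler).
DLL_SECTIONS = {"O2", "O3", "O18", "O20", "O22"}
LINE_RE = re.compile(r"^(O\d+) - (.+)$")
MISSING_RE = re.compile(r"\s*\(file missing\)$")


@dataclass
class Entry:
    code: str      # section code, e.g. "O20"
    kind: str      # e.g. "Winlogon Notify"
    name: str      # display name or key name
    target: str    # module path, "" when the log says "(no file)"
    missing: bool  # registry entry points at a file that is not on disk

    @property
    def module(self):
        """Lower-cased file name, so C:\\WINDOWS\\system32 and SYSTEM32 compare equal."""
        return self.target.rsplit("\\", 1)[-1].lower()


def parse_log(text):
    """Parse the DLL-loading sections; other sections (O4, O16, O23...) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) not in DLL_SECTIONS:
            continue
        kind, _, rest = m.group(2).partition(": ")
        parts = rest.split(" - ")
        target = parts[-1].strip()
        missing = target == "(no file)" or bool(MISSING_RE.search(target))
        target = "" if target == "(no file)" else MISSING_RE.sub("", target)
        entries.append(Entry(m.group(1), kind, parts[0].strip(), target, missing))
    return entries


def orphaned(entries):
    """Registrations left behind after their file was deleted or quarantined."""
    return [e for e in entries if e.missing]


def shared_modules(entries):
    """Modules registered in more than one section.

    This is a lead for review, not a verdict: a legitimate toolbar is both a
    BHO and a toolbar, while a DLL that is both a BHO and a Winlogon Notify
    package deserves a closer look.
    """
    seen = defaultdict(set)
    for e in entries:
        if e.module:
            seen[e.module].add(e.code)
    return {mod: sorted(codes, key=lambda c: int(c[1:]))
            for mod, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"orphaned  {e.code:<4}{e.kind}: {e.name} -> {e.target or '(no file)'}")
    for mod, codes in shared_modules(parsed).items():
        print(f"shared    {mod} registered in {', '.join(codes)}")
```
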
xavax2 Posts: 3 Status: Member
 
Thanks Boulepate62 for answering so quickly; a few small questions:
- "Uninstall this "program", which is a rogue (a piece of junk): BPS Spyware & Adware Remover"
I did not find it in Add/Remove Programs.

- "Select the infected line, then click "kill" for each infected line found.
Once done, confirm with "ok""
There was no line with ddcawxy.dll written on it.

- "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\ddcawxy.dll"
These two lines were not in the HijackThis report.

I'm posting the AVG report; I'm waiting for your reply to know what I should do. Thanks.

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:22:51 10/07/2007

+ Résultat de l'analyse:

HKU\S-1-5-21-2941556645-648594528-1953578004-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignoré.
HKU\S-1-5-21-2941556645-648594528-1953578004-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Ignoré.
C:\WINDOWS\system32\fk.dll -> Adware.AdPatrol : Ignoré.
C:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : Ignoré.
C:\Program Files\Everest Poker\cstart-tmp.exe -> Adware.Casino : Ignoré.
C:\Program Files\Everest Poker\cstart.exe -> Adware.Casino : Ignoré.
HKU\S-1-5-21-2941556645-648594528-1953578004-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5054F860-748D-4840-B7B4-DDDB428421AF} -> Adware.Generic : Ignoré.
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Ignoré.
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Ignoré.
HKLM\SOFTWARE\Classes\CLSID\{85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} -> Adware.LinkMaker : Ignoré.
HKU\S-1-5-21-2941556645-648594528-1953578004-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85A77577-A8CA-41B7-AA1E-DDAD4C0B12B1} -> Adware.LinkMaker : Ignoré.
C:\WINDOWS\system32\PreUninstallHL.exe -> Adware.LinkReplacer : Ignoré.
C:\Documents and Settings\Xav'\Local Settings\Temp\C9E67.tmp/LMSetup2.exe -> Adware.MDH : Ignoré.
HKU\S-1-5-21-2941556645-648594528-1953578004-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignoré.
HKU\S-1-5-21-2941556645-648594528-1953578004-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SPYWAREREMOVER -> Adware.SpywareRemover : Ignoré.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5A5DA186-1919-40F5-B4C7-DCB72D\CC1ADFFD-26DB-4C48-9A83-CF1B4A -> Adware.SpywareStrike : Ignoré.
C:\Program Files\Microsoft AntiSpyware\Quarantine\9C1337DC-3B9D-472D-A5EB-5C095C\508FFBB0-51B6-44DC-93E1-BA96B0 -> Adware.SpywareStrike : Ignoré.
C:\Program Files\Microsoft AntiSpyware\Quarantine\C1B8F5B6-C1C5-4AA7-AC1B-E410D8\04F60213-EA6C-4830-BF5F-BF2531 -> Adware.SpywareStrike : Ignoré.
C:\Program Files\Fichiers communs\WinSoftware\WFF.exe -> Adware.Winfixer : Ignoré.
C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Ignoré.
C:\WINDOWS\system32\dllcache\winmga.exe -> Backdoor.VanBot.dk : Ignoré.
C:\WINDOWS\system32\hqqxbltt.exe -> Downloader.Tiny.id : Ignoré.
C:\WINDOWS\system32\kpxqgtov.exe -> Downloader.Tiny.id : Ignoré.
C:\WINDOWS\system32\ngmdqyly.exe -> Downloader.Tiny.id : Ignoré.
C:\WINDOWS\system32\rhvdiuho.exe -> Downloader.Tiny.id : Ignoré.
C:\WINDOWS\system32\rpclsgie.exe -> Downloader.Tiny.id : Ignoré.
C:\WINDOWS\system32\wwdeauvn.exe -> Downloader.Tiny.id : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@autoscout24.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@clubmed.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@karavel.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@mistergooddeal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@nike.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@philips.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@sonyeurope.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@adbrite[1].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ad.adition[2].txt -> TrackingCookie.Adition : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@adviva[1].txt -> TrackingCookie.Adviva : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@casinotropez[1].txt -> TrackingCookie.Casinotropez : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@clickbank[1].txt -> TrackingCookie.Clickbank : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cz11.clickzs[1].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@com[2].txt -> TrackingCookie.Com : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@connextra[2].txt -> TrackingCookie.Connextra : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@enhance[1].txt -> TrackingCookie.Enhance : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@e-2dj6wjlygjajwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@estat[2].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@www.etracker[1].txt -> TrackingCookie.Etracker : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@fastclick[2].txt -> TrackingCookie.Fastclick : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@media.fastclick[1].txt -> TrackingCookie.Fastclick : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@searchportal.information[2].txt -> TrackingCookie.Information : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ilead.itrack[2].txt -> TrackingCookie.Itrack : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@beta.search.live[1].txt -> TrackingCookie.Live : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ie.search.msn[1].txt -> TrackingCookie.Msn : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@search.msn[1].txt -> TrackingCookie.Msn : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@oewabox[2].txt -> TrackingCookie.Oewabox : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@stat.onestat[2].txt -> TrackingCookie.Onestat : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@data2.perf.overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@perf.overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ads.planetactive[2].txt -> TrackingCookie.Planetactive : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@realmedia[1].txt -> TrackingCookie.Realmedia : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@revenue[2].txt -> TrackingCookie.Revenue : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@revsci[1].txt -> TrackingCookie.Revsci : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@edge.ru4[1].txt -> TrackingCookie.Ru4 : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@www.saxobank[2].txt -> TrackingCookie.Saxobank : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@serving-sys[3].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@specificclick[2].txt -> TrackingCookie.Specificclick : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@statcounter[2].txt -> TrackingCookie.Statcounter : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@tacoda[2].txt -> TrackingCookie.Tacoda : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@valueclick[2].txt -> TrackingCookie.Valueclick : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@server4.web-stat[1].txt -> TrackingCookie.Web-stat : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@web-stat[2].txt -> TrackingCookie.Web-stat : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@yadro[1].txt -> TrackingCookie.Yadro : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@c1.zedo[1].txt -> TrackingCookie.Zedo : Ignoré.
C:\Documents and Settings\Xav'\Cookies\xav'@zedo[1].txt -> TrackingCookie.Zedo : Ignoré.
HKU\S-1-5-21-2941556645-648594528-1953578004-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0103CD4-D1CE-411A-B75B-4FEC072867F4} -> Trojan.Puper.ac : Ignoré.
C:\WINDOWS\system32\opnkllm.exe -> Trojan.Small : Ignoré.
C:\comment.htt -> Trojan.Starter.a : Ignoré.
C:\Documents and Settings\Xav'\Bureau\Ma musique\Ma musique.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Mes images\Famille\Chassat\Chassat.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Mes images\Gauthé\Gauthé.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Mes images\Mes images.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Mes images\Salon de l'auto 2006\Salon de l'auto 2006.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Mes images\Week end Bretagne novembre 2006\Week end Bretagne novembre 2006.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Mes images\saint Etienne\saint Etienne.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Rink hockey\Rink hockey.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\Rink hockey\préparation physique\préparation physique.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\prog scolaire\STAPS\M1 PPMR\M1 PPMR.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\prog scolaire\STAPS\M1 PPMR\Management des groupes\Management des groupes.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\prog scolaire\STAPS\M1 PPMR\Préparation mentale\Préparation mentale.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\prog scolaire\STAPS\STAPS.exe -> Worm.Rays : Ignoré.
C:\Documents and Settings\Xav'\Mes documents\prog scolaire\prog scolaire.exe -> Worm.Rays : Ignoré.
C:\Program Files\eMule\Incoming\Incoming.exe -> Worm.Rays : Ignoré.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034677.exe -> Worm.Rays : Ignoré.

Fin du rapport
Anonymous user
 
You can delete everything AVG Antispyware found, except Everest Poker if you still play it, because if the spyware is removed it will no longer work.
It's up to you: either delete everything and reinstall that software, or ignore those entries in AVG (right-click on the Everest Poker lines).

¤ Click Start, My Computer, C:, Program Files, then find and delete:

- BulletProofSoft.com

**If a file/folder cannot be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a moment.
Then delete the files/folders, empty your Recycle Bin and restart your PC normally.

You have caught a nasty bug; be careful with peer-to-peer, next time it could be worse.

¤ ¤ Do this cleanup (to be done regularly):

*Download and install CCleaner (do not install the Yahoo toolbar)
---> https://www.clubic.com/telecharger-fiche14492-ccleaner.html

- In the left-hand column, click "erreurs" (errors), tick all the boxes, then click "chercher des erreurs" (search for errors) at the bottom. Once it has finished, click "reparer les erreurs" (repair errors); you will get a prompt to back up your registry, click "oui" (yes), then repeat until it finds no more errors.
You can delete the backups you made once your computer has no more problems.

- Relaunch CCleaner, go to the "nettoyeur" (cleaner) tab on the left, untick the last box (Advanced, if it is ticked), then click "lancer le nettoyage" (run the cleanup).

If you need help with CCleaner, see this tutorial:
http://redir.fr/gmll

¤ Download SpywareBlaster
----> spyware blaster

Then run the program to apply its protections.
If you need help, see this tutorial for SpywareBlaster
--> http://redir.fr/ggll

¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, please paste the report here.

https://www.bitdefender.com/toolbox/
xavax2 - Posts: 3 - Status: Member
 
BitDefender Online Scanner

Scan report generated at: Wed, Jul 11, 2007 - 12:15:21

Scan path: C:\;D:\;F:\;G:\;H:\;I:\;J:\;

Statistics

Time: 00:55:18
Files: 168174
Folders: 5989
Boot Sectors: 3
Archives: 7373
Packed Files: 9433

Results

Identified Viruses: 14
Infected Files: 51
Suspect Files: 0
Warnings: 0
Disinfected: 1
Deleted Files: 62

Engines Info

Virus Definitions: 656515
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\All Users\Documents\setup.exe
Infected with: Win32.Gael.3666

C:\Documents and Settings\All Users\Documents\setup.exe
Disinfected

C:\Documents and Settings\All Users\Documents\setup.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\All Users\Documents\setup.exe
Disinfection failed

C:\Documents and Settings\All Users\Documents\setup.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5PL2MQ7P\raser[1].htm
Infected with: MemScan:Trojan.Virtumonde.IC

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5PL2MQ7P\raser[1].htm
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5PL2MQ7P\raser[1].htm
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EMM0XY78\im++[1].exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EMM0XY78\im++[1].exe=>(AutoIT)
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EMM0XY78\im++[1].exe=>(AutoIT)
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EMM0XY78\linux[1].exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EMM0XY78\linux[1].exe=>(AutoIT)
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EMM0XY78\linux[1].exe=>(AutoIT)
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I9WFKJS2\linux[1].exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I9WFKJS2\linux[1].exe=>(AutoIT)
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I9WFKJS2\linux[1].exe=>(AutoIT)
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PEE7VVKS\linux[3].exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PEE7VVKS\linux[3].exe=>(AutoIT)
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PEE7VVKS\linux[3].exe=>(AutoIT)
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PEE7VVKS\lo1[1]
Infected with: MemScan:Trojan.Virtumod.ALX

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PEE7VVKS\lo1[1]
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PEE7VVKS\lo1[1]
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP433\A0025457.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP433\A0025457.exe=>(AutoIT)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP433\A0025457.exe=>(AutoIT)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0026459.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0026459.exe=>(AutoIT)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0026459.exe=>(AutoIT)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0026466.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0026466.exe=>(AutoIT)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0026466.exe=>(AutoIT)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0027470.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0027470.exe=>(AutoIT)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP434\A0027470.exe=>(AutoIT)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP436\A0029488.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP436\A0029488.exe=>(AutoIT)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP436\A0029488.exe=>(AutoIT)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033359.dll
Infected with: MemScan:Trojan.Virtumod.ALX

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033359.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033359.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033360.dll
Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033360.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033361.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033361.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033361.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033362.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033362.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033362.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033363.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033363.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP440\A0033363.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP441\A0033409.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP441\A0033409.exe=>(AutoIT)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP441\A0033409.exe=>(AutoIT)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034442.dll
Infected with: MemScan:Trojan.Virtumod.ALX

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034442.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034442.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034446.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034446.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034446.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034447.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034447.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP444\A0034447.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034456.exe
Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034456.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034456.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034457.dll
Infected with: MemScan:Trojan.Virtumod.ALX

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034457.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034457.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034460.dll
Infected with: Trojan.JuanSearch.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034460.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP445\A0034460.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP448\A0034623.dll
Infected with: MemScan:Trojan.Virtumod.ALX

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP448\A0034623.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP448\A0034623.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP448\A0034624.dll
Infected with: MemScan:Trojan.Virtumod.ALX

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP448\A0034624.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP448\A0034624.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034634.dll
Infected with: MemScan:Trojan.Virtumod.ALX

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034634.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034634.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034635.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034635.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034635.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034675.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034675.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP449\A0034675.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034696.exe
Infected with: Win32.Wukill.E@mm

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034696.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034696.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034697.exe
Infected with: Win32.Wukill.E@mm

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034697.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034697.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034698.exe
Infected with: Trojan.Agent.AAMG

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034698.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034698.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034699.exe
Infected with: Trojan.Clicker.MNB

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034699.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034699.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034700.exe
Infected with: Trojan.Clicker.Agent.NP

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034700.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034700.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034701.exe
Infected with: Trojan.Clicker.MNB

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034701.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034701.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034702.exe
Infected with: Trojan.Clicker.MNB

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034702.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034702.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034703.exe
Infected with: Trojan.Clicker.MNB

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034703.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034703.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034704.exe
Infected with: Trojan.Clicker.MNB

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034704.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034704.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034705.exe
Infected with: Trojan.Downloader.Navipromo.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034705.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP450\A0034705.exe
Deleted

C:\VundoFix Backups\awtss.dll.bad
Infected with: MemScan:Trojan.Virtumod.ALX

C:\VundoFix Backups\awtss.dll.bad
Disinfection failed

C:\VundoFix Backups\awtss.dll.bad
Deleted

C:\VundoFix Backups\fccccya.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA

C:\VundoFix Backups\fccccya.dll.bad
Disinfection failed

C:\VundoFix Backups\fccccya.dll.bad
Deleted

C:\VundoFix Backups\itpcrgba.dll.bad
Infected with: Trojan.JuanSearch.A

C:\VundoFix Backups\itpcrgba.dll.bad
Disinfection failed

C:\VundoFix Backups\itpcrgba.dll.bad
Deleted

C:\winbbs.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\winbbs.exe=>(AutoIT)
Disinfection failed

C:\winbbs.exe=>(AutoIT)
Deleted

C:\WINDOWS\system32\asnokfya.dll
Infected with: Trojan.JuanSearch.A

C:\WINDOWS\system32\asnokfya.dll
Disinfection failed

C:\WINDOWS\system32\asnokfya.dll
Delete failed

C:\WINDOWS\system32\fccccya.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\WINDOWS\system32\fccccya.dll
Disinfection failed

C:\WINDOWS\system32\fccccya.dll
Deleted

C:\WINDOWS\system32\hggfcbx.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\WINDOWS\system32\hggfcbx.dll
Disinfection failed

C:\WINDOWS\system32\hggfcbx.dll
Deleted

C:\WINDOWS\system32\mljgdcc.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\WINDOWS\system32\mljgdcc.dll
Disinfection failed

C:\WINDOWS\system32\mljgdcc.dll
Deleted

C:\WINDOWS\system32\ssqqrrs.dll
Infected with: MemScan:Trojan.Virtumod.AMA

C:\WINDOWS\system32\ssqqrrs.dll
Disinfection failed

C:\WINDOWS\system32\ssqqrrs.dll
Deleted

C:\winsfr.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\winsfr.exe=>(AutoIT)
Disinfection failed

C:\winsfr.exe=>(AutoIT)
Deleted

C:\winspur.exe=>(AutoIT)
Infected with: Trojan.Virtumod.IZ

C:\winspur.exe=>(AutoIT)
Disinfection failed

C:\winspur.exe=>(AutoIT)
Deleted
Anonymous user
 
¤ Download this program, then double-click it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/

* Tick only these boxes and untick everything else:

- Recent Files, 60 days

Then click Scan Now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete, creating two messages if needed.