Sujet Précédent Sujet Suivant

Spyworn.win32 et bestsellerantivirus

Résolu/Fermé
Utilisateur anonyme - 11 nov. 2007 à 17:31
 Utilisateur anonyme - 17 nov. 2007 à 19:15
Bonjour,
voila j'ai un probleme avec spyworn.win32 (comment enlever e tun programme antivirus qui c'est placer seul et impossible d'enlever!

voila un rapport fait avec Hijackthis Version Française
Logfile of HijackThis v1.99.1
Scan saved at 17:25:52, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Washer\washer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\mljhede.dll
O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\yvmqpgqg.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsu60.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dtyoaidw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C0104A8A-857C-45DB-9AFC-A0274CB45102} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dtyoaidw.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\hsmtjanl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dtyoaidw - C:\WINDOWS\SYSTEM32\dtyoaidw.dll
O20 - Winlogon Notify: mljhede - C:\WINDOWS\SYSTEM32\mljhede.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

32 réponses

Précédent
  • 1
  • 2
Réponse 21 / 32
Utilisateur anonyme
15 nov. 2007 à 23:14
Fichier trdcvkes.dll_ reçu le 2007.11.15 23:05:11 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 8/32 (25%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 6.
L'heure estimée de démarrage est entre 55 et 78 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.16.0 2007.11.15 -
AntiVir 7.6.0.34 2007.11.15 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.15 -
AVG 7.5.0.503 2007.11.15 Clicker.JXQ
BitDefender 7.2 2007.11.15 -
CAT-QuickHeal 9.00 2007.11.15 -
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.09170 2007.11.15 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5297 2007.11.15 -
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.0 2007.11.15 Vundo.gen49
Ikarus T3.1.1.12 2007.11.15 -
Kaspersky 7.0.0.125 2007.11.15 -
McAfee 5164 2007.11.15 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2661 2007.11.15 -
Norman 5.80.02 2007.11.15 Vundo.gen49
Panda 9.0.0.4 2007.11.15 Spyware/Virtumonde
Prevx1 V2 2007.11.15 Trojan.Vundo
Rising 20.18.31.00 2007.11.15 -
Sophos 4.23.0 2007.11.15 -
Sunbelt 2.2.907.0 2007.11.15 -
Symantec 10 2007.11.15 Trojan.Vundo
TheHacker 6.2.9.129 2007.11.15 -
VBA32 3.12.2.5 2007.11.15 -
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway 6.0.1 2007.11.15 Trojan.Dldr.ConHook.Gen
Information additionnelle
File size: 86080 bytes
MD5: 99d6f1af29de733044cd42227f0418e3
SHA1: e96d358d135dfdf97da4339abf51b2972cca0a75
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=5BFAAFC24074BCCE508C0193A7BA5A003F01D110
0
Réponse 22 / 32
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
15 nov. 2007 à 23:17
regarde mon message 20 pour la suite apres avoir analysé tous les fichiers donnés


a plus
0
Réponse 23 / 32
Utilisateur anonyme
15 nov. 2007 à 23:24
Fichier xheunbwv.dll_ reçu le 2007.11.15 23:15:04 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 11/32 (34.38%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 6.
L'heure estimée de démarrage est entre 55 et 78 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.16.0 2007.11.15 -
AntiVir 7.6.0.34 2007.11.15 TR/Vundo.CA
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.15 -
AVG 7.5.0.503 2007.11.15 Obfustat.VTX
BitDefender 7.2 2007.11.15 Adware.Virtumonde.GHI
CAT-QuickHeal 9.00 2007.11.15 -
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.09170 2007.11.15 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5297 2007.11.15 -
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.0 2007.11.15 -
Ikarus T3.1.1.12 2007.11.15 -
Kaspersky 7.0.0.125 2007.11.15 not-a-virus:AdWare.Win32.SecToolBar.k
McAfee 5164 2007.11.15 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2661 2007.11.15 Win32/Adware.SecToolbar
Norman 5.80.02 2007.11.15 W32/Virtumonde.IIT
Panda 9.0.0.4 2007.11.15 Spyware/Virtumonde
Prevx1 V2 2007.11.15 Trojan.Zlob
Rising 20.18.31.00 2007.11.15 -
Sophos 4.23.0 2007.11.15 -
Sunbelt 2.2.907.0 2007.11.15 -
Symantec 10 2007.11.15 Trojan.Vundo
TheHacker 6.2.9.129 2007.11.15 Trojan/BHO.ui
VBA32 3.12.2.5 2007.11.15 -
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway 6.0.1 2007.11.15 Trojan.Vundo.CA
Information additionnelle
File size: 145984 bytes
MD5: 0e2d51539d9bb17e116e41c1396520cd
SHA1: 5bcb7fa90beab9ac25a3c840dea11e314d3fd6f7
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=5E3C8ADC40D98E673AB20272A7FF1C00C714E363
0
Réponse 24 / 32
Utilisateur anonyme
16 nov. 2007 à 07:54
File/Folder C:\WINDOWS\SYSTEM32\xheunbwv.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\saxnxsma.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\rbfwokwp.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\trdcvkes.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\ssqqrqp.dll
C:\WINDOWS\SYSTEM32\lvpyodau.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\yayvwxv.dll not found.

Created on 11/16/2007 07:46:57
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 32
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 nov. 2007 à 09:19
____________


Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

 Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
 Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
 Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html

_______________________

remplace avast par antivir et colle moi un rapport:

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

________________________
recolle un rapport hijackthis
et dis moi tes problemes
0
Réponse 26 / 32
Utilisateur anonyme
16 nov. 2007 à 09:44
raport antivir


AntiVir PersonalEdition Classic
Report file date: vendredi 16 novembre 2007 09:10

Scanning for 930405 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: YVES

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:56
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 08:09:22
ANTIVIR3.VDF : 7.0.0.222 75776 Bytes 16/11/2007 08:09:22
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 16/11/2007 08:09:22
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 3/08/2007 08:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: Y:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 16 novembre 2007 09:10

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'RAPIMGR.EXE' - '1' Module(s) have been scanned
Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'WLANCFG.EXE' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'Y:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\upload_moi_YVES.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> _OTMoveIt/MovedFiles/WINDOWS/system32/hblqlbbh.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
--> _OTMoveIt/MovedFiles/WINDOWS/system32/xheunbwv.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
--> _OTMoveIt/MovedFiles/WINDOWS/system32/saxnxsma.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
--> _OTMoveIt/MovedFiles/WINDOWS/system32/rbfwokwp.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
--> _OTMoveIt/MovedFiles/WINDOWS/system32/trdcvkes.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
--> _OTMoveIt/MovedFiles/WINDOWS/system32/lvpyodau.dll
[DETECTION] Is the Trojan horse TR/BHO.RF
--> qoobox/Quarantine/C/Documents and Settings/yves/Application Data/install_en[1].exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.WinFixer.AU
--> qoobox/Quarantine/C/z.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.Agent.133120
--> qoobox/Quarantine/C/WINDOWS/SYSTEM32/awttqnk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/SYSTEM32/iifecba.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/SYSTEM32/tdwmsgxn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
--> qoobox/Quarantine/C/WINDOWS/SYSTEM32/u4/wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> qoobox/Quarantine/C/WINDOWS/SYSTEM32/DRIVERS/FMTR.sys.vir
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.BestSeller.A.3
--> qoobox/Quarantine/C/WINDOWS/SYSTEM32/ddayv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47a950f4.qua'!
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
[INFO] The file was moved to '47af532c.qua'!
C:\Program Files\Hijackthis Version Française\backups\backup-20071113-134725-222.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a0550e.qua'!
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP234\A0152453.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '476e5676.qua'!
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP234\A0152454.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '46113b27.qua'!
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP234\A0152455.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '476e5678.qua'!
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP234\A0152456.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '476e5677.qua'!
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP234\A0152457.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '46113b28.qua'!
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP239\A0153840.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
[INFO] The file was moved to '476e5680.qua'!
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP239\A0153841.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '46113bd1.qua'!
C:\VundoFix Backups\dtyoaidw.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47b656c6.qua'!
C:\VundoFix Backups\yvmqpgqg.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47aa56c8.qua'!
C:\VundoFix Backups\zscprlhp.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47a056c5.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hblqlbbh.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a956b5.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xheunbwv.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47a256bb.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\saxnxsma.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47b556b4.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rbfwokwp.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a356b5.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\trdcvkes.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a156c6.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\lvpyodau.dll
[DETECTION] Is the Trojan horse TR/BHO.RF
[INFO] The file was moved to '47ad56ca.qua'!
C:\qoobox\Quarantine\C\z.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.Agent.133120
[INFO] The file was moved to '47a25683.qua'!
C:\qoobox\Quarantine\C\Documents and Settings\yves\Application Data\install_en[1].exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.WinFixer.AU
[INFO] The file was moved to '47b056c3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\awttqnk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47b156cd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\iifecba.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47a356bf.qua'!
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\tdwmsgxn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b456ba.qua'!
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ddayv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '479e56bb.qua'!
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477056c9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\FMTR.sys.vir
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.BestSeller.A.3
[INFO] The file was moved to '479156a4.qua'!
Begin scan in 'Y:\' <yves partit>


End of the scan: vendredi 16 novembre 2007 09:40
Used time: 30:13 min

The scan has been done completely.

5404 Scanning directories
264966 Files were scanned
40 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
27 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
264926 Files not concerned
2224 Archives were scanned
1 Warnings
36 Notes
0
Réponse 27 / 32
Utilisateur anonyme
16 nov. 2007 à 09:47
Logfile of HijackThis v1.99.1
Scan saved at 9:47:30, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
0
Réponse 28 / 32
Utilisateur anonyme
16 nov. 2007 à 12:22
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec ven. 16/11/2007 a 12:16:38,73

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
Réponse 29 / 32
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 nov. 2007 à 22:32
vire tout ce qui est dans vundofix backups en allant dans poste de travail puis C...
C:\VundoFix Backups\

__________________

vire tout ce qui est dans MovedFiles en allant dans poste de travail puis C...

C:\_OTMoveIt\MovedFiles\

_______________________
vire tout ce qui est dans Quarantineen allant dans poste de travail puis C...

C:\qoobox\Quarantine

_______________________


si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

puis redemarre ton ordi

puis réactive là

_______________________
installe
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

_______________________

recolle un rapport antivr et surtout dis tes problemes















pour info:


pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT + si tea timer non active de spybot: WINDOWS DEFENDER ou SPYWARE TERMINATOR

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf
0
Réponse 30 / 32
Utilisateur anonyme
17 nov. 2007 à 08:35
AntiVir PersonalEdition Classic
Report file date: samedi 17 novembre 2007 07:47

Scanning for 930655 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: YVES

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:56
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 08:09:22
ANTIVIR3.VDF : 7.0.0.223 79360 Bytes 16/11/2007 12:36:52
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 16/11/2007 08:09:22
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 3/08/2007 08:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: Y:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 17 novembre 2007 07:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'WLANCFG.EXE' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RAPIMGR.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'Y:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
Begin scan in 'Y:\' <yves partit>


End of the scan: samedi 17 novembre 2007 08:16
Used time: 29:19 min

The scan has been done completely.

5368 Scanning directories
264204 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
264204 Files not concerned
2213 Archives were scanned
1 Warnings
36 Notes
0
Réponse 31 / 32
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
17 nov. 2007 à 18:02
encore des pbs?
0
Réponse 32 / 32
Utilisateur anonyme
17 nov. 2007 à 19:15
non plus de problemes!!!

je te remercie mille fois de ton coup de main !

merci beaucoup
0