Gros probleme warning spyware

Résolu
gaetan621 -  
 booddha -
Bonjour,mon problème et que en fond écran j ai le message suivant:
warning spyware threat has been detected on you pc
merci de m aider
Configuration: Windows XP
Firefox 2.0.0.12

8 réponses

  1. booddha
     
    Je suis désolé mais tu n'as pas bien paramétré AVG.

    Tu ouvres AVG Anti Spyware.

    Tu cliques sur la loupe (Analyser)

    Tu cliques sur l'onglet Paramètres

    en dessous de Définir l'action par défaut pour les logiciels malveillants détectés


    Tu as une ligne bleue soulignée qui est Actions recommandées

    Tu cliques dessus et tu cliques sur Quarantaine qui doit s'afficher en bleu gras souligné.

    Tu refermes fenêtre principal

    Et tu recommence un scan complet en mode sans échec.

    Désolé mais là tu n'as fait qu'un scan sans rien supprimer des bestioles trouvées (il y en a).

    Je sais c'est long, il est important de bien lire tout ce qui est écrit, chaque mot à son importance.

    _
    1
    1. gaetan621
       
      bonsoir booddha j ai refait deux fois le scane j ai tous suprimer il n y a plus rien je ne peut pas te dire merci
      je le pense tres fort tu ma apporte une tres bonne aide encore heureu qu il y a despersonne comme toi bonne nuit trop bien l equipe
      0
  2. booddha
     

    Bonjour/Bonsoir
    • Ne pas surfer ailleurs que sur le site
    • Couper MSN ou tout autre connexion hormis celle sur le site
    • Appliquer exactement et dans l'ordre les procédures indiquées.
    • Au cas ou plusieurs intervenants se manifestent, en choisir un et un seul.

    • Rester devant la machine en rafraichissant souvent le forum pour voir les nouvelles réponses.
    • Répondre sans attendre à toutes les questions posées dans l'ordre ou elles ont étés posées
    • Soyez précis dans vos réponses. Tenez vous en au sujet et rien qu'au sujet.
    • A proscrire : le language SMS.

    • Ne pas quitter tant qu'il n'est pas dit explicitement que le problème est résolu ou qu'il
    dépasse les compétences de celui ou ceux qui vous aident.
    • N'ouvrez pas plusieurs discussions sur le même sujet sauf si on vous le demande
    (Problème non résolu. Ca arrive)

    • Ne pas s'impatienter. L'analyse d'un rapport et la recherche de solutions
    appropriées prends un certain temps.
    Inutile donc de reposter le même message. Nous ne vous oublions pas,
    nous vous cherchons une solution

    • Ne pas oublier : nous sommes bénévoles.
    Nous mangeons, nous dormons, nous travaillons, nous avons une vie de famille aussi.


    Préalable
    • Vider la corbeille
    • Fermer toutes les applications

    ================ PareFeu XP - Vista ===================
    • Si un autre pare-feu que celui de windows est installé, vérifier qu'il est actif et passer à l'étape CCleaner

    • Sinon

    pour activer/désactiver le Pare-feu Vista
    pour activer/désactiver le Pare-feu Xp le Pare-feu Vista

    • Activer le pare-Feu si ce n'est déjà fait

    ===================== CCLEANER ========================

    Nettoyage avec CCleaner
    On va commencer par faire un peu le ménage

    • Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.

    • Fermer toutes les applications
    • Lancer CCLeaner
    S'il n'est pas en Français cliquer sur Options, Setting, Language
    et sélectionner Français
    • cocher dans le menu Nettoyeur - onglet Windows :
    Internet Explorer: Fichiers Internet Temporaires, Cookies
    • Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
    • Avancé: Vieilles données du Prefetch
    • Décocher dans le menu Options - sous-menu Avancé :
    Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
    • Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
    • Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
    Firefox/Mozilla: Cache Internet, Cookies
    • Click sur Analyse
    • Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
    • Click sur Registre
    • Sélectionner tout
    • Click sur Chercher des erreurs (En bas)

    Une fois le scan terminé sélectionner tout
    • Click sur Réparer les erreurs sélectionnées

    ==================== HIJACKTHIS ======================

    HijackThis

    • Télécharger HijackThis
    • Installer HijackThis en se laissant guider

    • Renommer HijackThis.exe en Monjack.exe <== I M P O R T A N T

    • Fermer toutes les applications
    • Lancer hitjackthis
    • Click sur Do a system scan and save a logfile
    • Copier/Coller le rapport dans le prochain message
    • Attendre la suite
    _
    0
  3. gaetan621 Messages postés 10 Statut Membre
     
    il faut que j attend la suite la j ai hijacktis bloc note
    0
    1. booddha
       
      Attendre la suite c'était après avoir copier/coller le rapport sur le forum.
      0
  4. booddha
     
    Selectionne tout ce qu'il ya dans le bloc note

    Click droit --> copier

    Et tu fais click droit dans le prochain message sur le forum et coller.

    _
    0
    1. gaetan621 Messages postés 10 Statut Membre
       
      mon mon mon mon Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:31:28, on 19/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\mgmrwmrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\PixArt\PAC7302\Monitor.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\CCleaner\CCleaner.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [e0724bdb] rundll32.exe "C:\WINDOWS\system32\ehgsbpgo.dll",b
      O4 - HKLM\..\Run: [BMe3417847] Rundll32.exe "C:\WINDOWS\system32\mphswkfb.dll",s
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S4.tmp" /EF "HKCU"
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
      O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gaetan621 Messages postés 10 Statut Membre
     
    il faut que j attend la suite la j ai hijacktis bloc note
    mon mon mon mon Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:31:28, on 19/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\mgmrwmrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [e0724bdb] rundll32.exe "C:\WINDOWS\system32\ehgsbpgo.dll",b
    O4 - HKLM\..\Run: [BMe3417847] Rundll32.exe "C:\WINDOWS\system32\mphswkfb.dll",s
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S4.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    0
  7. booddha
     
    A première vue tu as 4 types d'infections différentes.
    On va blinder la machine. Et on verra ce qu'il reste après.

    =============== DESINSTALLER AVAST ==================

    desintaller avast qui est une vrai passoire via le lien ci dessous

    desintal Avast

    ===================== ANTIVIR ========================

    Télécharger ANTIVIR qui est un antivirus gratuit

    Suivre la procédure jusqu'au bout. En cas de doute demander

    Procédure d'installation

    Pour les réglages

    ------
    • Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    • Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

    • Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    • Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    • Faire une analyse complète de la machine

    En fin de scan ( qui est assez long)

    • Clic Sauvegarder REPORT puis Enregistrer sous et choisir bureau
    -------
    • Relancer la machine en mode normal
    • Copier/coller le rapport ici

    ================ AVG ANTI-SPYWARE ===================
    Gratuit
    Merci à ep44 pour ce mode explicatif
    Télécharger:
    AVG-AntiSpyware
    • Installer
    • Le lancer
    • Click : Mise à jour
    ------
    • Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    • Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

    • Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    • Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    • Dans ANALYSE ( en forme de loupe )
    • Paramètres ==> sous COMMENT REAGIR==>click sur Actions recommandées ==>Quarantaine
    • Click : Analyse complète du système

    En fin de scan ( qui est assez long)

    • Clic Appliquer toutes les actions <== ceci Très important
    • Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
    -------
    • Relancer la machine en mode normal
    • Copier/coller le rapport ici + un rapport Hijackthis

    Cette procédure est assez longue. Tu n'es pas obligé de rester devant le PC pendant ce temps là. On finira demain si tu veux bien. Je ne serai pas là dans la journée.

    Si tu peux fait les différentes procédures, poste les rapports.

    Si tu as le moindre doute. Poste ici ce qui t'arrête, je répondrai demain.

    _
    0
    1. gaetan621 Messages postés 10 Statut Membre
       
      AntiVir PersonalEdition Classic
      Report file date: mercredi 19 mars 2008 11:27

      Scanning for 1157825 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: vero
      Computer name: UNICORNI-1246DA

      Version information:
      BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 01:11:04
      ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 01:11:04
      ANTIVIR3.VDF : 7.0.3.49 297472 Bytes 18/03/2008 01:11:04
      AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 01:11:04
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
      AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 01:11:04
      AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

      Configuration settings for the scan:
      Jobname..........................: Local Drives
      Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: D:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: on
      Scan all files...................: All files
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: mercredi 19 mars 2008 11:27

      Starting search for hidden objects.
      The driver could not be initialized.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'notepad.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'setup.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'antivir_workstation_win7u_en_h.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'guard.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      17 processes with 17 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [NOTE] No virus was found!
      Master boot sector HD1
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015
      Master boot sector HD2
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015
      Master boot sector HD3
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015
      Master boot sector HD4
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!
      Boot sector 'E:\'
      [NOTE] In the drive 'E:\' no data medium is inserted!
      Boot sector 'F:\'
      [NOTE] In the drive 'F:\' no data medium is inserted!
      Boot sector 'G:\'
      [NOTE] In the drive 'G:\' no data medium is inserted!
      Boot sector 'H:\'
      [NOTE] In the drive 'H:\' no data medium is inserted!

      Starting to scan the registry.
      C:\WINDOWS\system32\WLCtrl32.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.lkz.9
      [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING] The file could not be deleted!
      C:\WINDOWS\system32\WLCtrl32.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.lkz.9

      The registry was scanned ( '35' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\WINDOWS\system32\afrpctiaf.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4853026e.qua'!
      C:\WINDOWS\system32\atedlewz.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484602c1.qua'!
      C:\WINDOWS\system32\azzltuhh.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485b02d5.qua'!
      C:\WINDOWS\system32\bbzvold.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485b02c0.qua'!
      C:\WINDOWS\system32\bjiywmjnm.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484a02ce.qua'!
      C:\WINDOWS\system32\bkvdrnwx.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '485702d1.qua'!
      C:\WINDOWS\system32\boofskepl.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485002d9.qua'!
      C:\WINDOWS\system32\bzxdcansn.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48590302.qua'!
      C:\WINDOWS\system32\cbtnpkpy.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '485502f0.qua'!
      C:\WINDOWS\system32\cmgppdspou.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48480303.qua'!
      C:\WINDOWS\system32\cpgyhkf.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4848030d.qua'!
      C:\WINDOWS\system32\csujpfcxhe.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48560314.qua'!
      C:\WINDOWS\system32\cxhiefyhqs.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4849031c.qua'!
      C:\WINDOWS\system32\dcluopjj.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484d0313.qua'!
      C:\WINDOWS\system32\derlywm.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48530318.qua'!
      C:\WINDOWS\system32\dgdaipd.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4845031e.qua'!
      C:\WINDOWS\system32\djjrkqd.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484b0326.qua'!
      C:\WINDOWS\system32\djlyvr.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484d0328.qua'!
      C:\WINDOWS\system32\dysafmkk.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '48540344.qua'!
      C:\WINDOWS\system32\edfyckga.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48470333.qua'!
      C:\WINDOWS\system32\eotsqayfn.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48550341.qua'!
      C:\WINDOWS\system32\ewuanjkdj.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48560352.qua'!
      C:\WINDOWS\system32\eyrdejsrqa.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48530358.qua'!
      C:\WINDOWS\system32\fjhoakdfn.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4849034d.qua'!
      C:\WINDOWS\system32\fonvthjsb.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.KX.3
      [INFO] The file was moved to '484f0355.qua'!
      C:\WINDOWS\system32\fwwpnh.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48580361.qua'!
      C:\WINDOWS\system32\georxa.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4850035b.qua'!
      C:\WINDOWS\system32\ggozaexsfd.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4850035f.qua'!
      C:\WINDOWS\system32\gokqybh.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484c0369.qua'!
      C:\WINDOWS\system32\gtcxuwzvy.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48440371.qua'!
      C:\WINDOWS\system32\gwpotdjgs.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48510377.qua'!
      C:\WINDOWS\system32\hhrejlws.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '4853036b.qua'!
      C:\WINDOWS\system32\hsjfwdqh.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484b0379.qua'!
      C:\WINDOWS\system32\hvytcdkan.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485a0380.qua'!
      C:\WINDOWS\system32\iaokqdbs.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4850036e.qua'!
      C:\WINDOWS\system32\ijdptzc.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4845037e.qua'!
      C:\WINDOWS\system32\ikpwqgnsr.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48510382.qua'!
      C:\WINDOWS\system32\imloxrpo.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484d0388.qua'!
      C:\WINDOWS\system32\jsplrndff.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48510398.qua'!
      C:\WINDOWS\system32\knjxjuqi.VIR
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484b0398.qua'!
      C:\WINDOWS\system32\lhlvsw.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484d0397.qua'!
      C:\WINDOWS\system32\lkopjgfae.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4850039d.qua'!
      C:\WINDOWS\system32\lsgujzxtj.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484803aa.qua'!
      C:\WINDOWS\system32\lwdvdxrc.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484503b1.qua'!
      C:\WINDOWS\system32\melpjzq.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484d03a8.qua'!
      C:\WINDOWS\system32\mjvpqob.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485703b2.qua'!
      C:\WINDOWS\system32\mljjk.VIR
      [DETECTION] Is the Trojan horse TR/Vundo.DZL
      [INFO] The file was moved to '484b03b6.qua'!
      C:\WINDOWS\system32\mphswkfb.VIR
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484903c0.qua'!
      C:\WINDOWS\system32\muzudv.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485b03de.qua'!
      C:\WINDOWS\system32\mvnwgpjxk.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484f03e1.qua'!
      C:\WINDOWS\system32\mwcvdwp.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484403e4.qua'!
      C:\WINDOWS\system32\nskfchsy.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484c03e8.qua'!
      C:\WINDOWS\system32\nygcuogc.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484803f6.qua'!
      C:\WINDOWS\system32\oeramcj.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485303e6.qua'!
      C:\WINDOWS\system32\ohevuzbqw.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484603ec.qua'!
      C:\WINDOWS\system32\ohfrmurn.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484703ee.qua'!
      C:\WINDOWS\system32\osljvpmas.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484d03fd.qua'!
      C:\WINDOWS\system32\pchptasp.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484903f1.qua'!
      C:\WINDOWS\system32\pfirqmujz.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484a03f8.qua'!
      C:\WINDOWS\system32\plibgw.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484a0401.qua'!
      C:\WINDOWS\system32\prermfrtj.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4846040b.qua'!
      C:\WINDOWS\system32\qfnnrwbs.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '484f0409.qua'!
      C:\WINDOWS\system32\qhpphv.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4851040d.qua'!
      C:\WINDOWS\system32\qnkcmmg.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484c0416.qua'!
      C:\WINDOWS\system32\rsseldxzx.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48540425.qua'!
      C:\WINDOWS\system32\ssswlyo.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48540437.qua'!
      C:\WINDOWS\system32\stshpqem.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48540441.qua'!
      C:\WINDOWS\system32\suwfxrtzxj.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48580444.qua'!
      C:\WINDOWS\system32\tmhwuxsh.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48490443.qua'!
      C:\WINDOWS\system32\tprxntox.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48530449.qua'!
      C:\WINDOWS\system32\tqrbaitz.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4853044c.qua'!
      C:\WINDOWS\system32\ukhfgikwu.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4849044c.qua'!
      C:\WINDOWS\system32\ulsoenbt.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '48540450.qua'!
      C:\WINDOWS\system32\uqxkiibkm.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48590459.qua'!
      C:\WINDOWS\system32\vavwnne.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '4857044e.qua'!
      C:\WINDOWS\system32\vnqsyx.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48520460.qua'!
      C:\WINDOWS\system32\vuysmi.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485a046a.qua'!
      C:\WINDOWS\system32\vwkhhscck.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484c046e.qua'!
      C:\WINDOWS\system32\wfpdsvfe.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO] The file was moved to '48510462.qua'!
      C:\WINDOWS\system32\WLCtrl32.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.lkz.9
      [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING] The file could not be deleted!
      C:\WINDOWS\system32\xapnrmwnc.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48510489.qua'!
      C:\WINDOWS\system32\xlhrorumaa.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484904e7.qua'!
      C:\WINDOWS\system32\xmxjkq.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '485904eb.qua'!
      C:\WINDOWS\system32\xyasiybbtx.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484204fc.qua'!
      C:\WINDOWS\system32\yayvvwx.VIR
      [DETECTION] Is the Trojan horse TR/Vundo.ecg.1
      [INFO] The file was moved to '485a04e6.qua'!
      C:\WINDOWS\system32\zjlgfycus.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '484d04fe.qua'!
      C:\WINDOWS\system32\zyatkftflx.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO] The file was moved to '48420510.qua'!
      C:\WINDOWS\system32\drivers\Yxg81.sys
      [WARNING] The file could not be opened!
      C:\WINDOWS\system32\ras\slipmenu1.scp
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO] The file was moved to '484a0654.qua'!
      Begin scan in 'E:\'
      Search path E:\ could not be opened!
      Le périphérique n'est pas prêt.

      Begin scan in 'F:\'
      Search path F:\ could not be opened!
      Le périphérique n'est pas prêt.

      Begin scan in 'G:\'
      Search path G:\ could not be opened!
      Le périphérique n'est pas prêt.

      Begin scan in 'H:\'
      Search path H:\ could not be opened!
      Le périphérique n'est pas prêt.

      Begin scan in 'D:\'
      Search path D:\ could not be opened!
      Le périphérique n'est pas prêt.



      End of the scan: mercredi 19 mars 2008 13:25
      Used time: 1:57:59 min

      The scan has been done completely.

      4071 Scanning directories
      160596 Files were scanned
      89 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      87 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      160507 Files not concerned
      4947 Archives were scanned
      4 Warnings
      0 Notes
      0
    2. gaetan621 Messages postés 10 Statut Membre
       
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 17:23:40 19/03/2008

      + Résultat de l'analyse:



      C:\Program Files\180search assistant -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Aucune action entreprise.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Aucune action entreprise.
      HKU\S-1-5-21-57989841-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Aucune action entreprise.
      C:\System Volume Information\_restore{80846D97-6BD8-446E-8892-BA244A7F29CB}\RP205\A0024588.exe -> Downloader.Tiny.ali : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@clickbank[2].txt -> TrackingCookie.Clickbank : Aucune action entreprise.
      :mozilla.199:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
      :mozilla.151:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.


      Fin du rapport
      0
    3. gaetan621
       
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 17:23:40 19/03/2008

      + Résultat de l'analyse:



      C:\Program Files\180search assistant -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Aucune action entreprise.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Aucune action entreprise.
      HKU\S-1-5-21-57989841-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\­Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Aucune action entreprise.
      C:\System Volume Information\_restore{80846D97-6BD8-446E-8892-BA244A7F29CB}\RP205\A0024588.exe -> Downloader.Tiny.ali : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@clickbank[2].txt -> TrackingCookie.Clickbank : Aucune action entreprise.
      :mozilla.199:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
      :mozilla.151:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
      0
  8. booddha
     
    Y a eu du ménage de fait, mais y en reste

    Il manque la procédure AVG Anti Spyware.

    Revoir le message N° 6 plus haut

    N'oublie pas les rapports.

    _
    0
    1. gaetan621 Messages postés 10 Statut Membre
       
      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 17:23:40 19/03/2008

      + Résultat de l'analyse:



      C:\Program Files\180search assistant -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Aucune action entreprise.
      C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Aucune action entreprise.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Aucune action entreprise.
      HKU\S-1-5-21-57989841-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Aucune action entreprise.
      C:\System Volume Information\_restore{80846D97-6BD8-446E-8892-BA244A7F29CB}\RP205\A0024588.exe -> Downloader.Tiny.ali : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@clickbank[2].txt -> TrackingCookie.Clickbank : Aucune action entreprise.
      :mozilla.199:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
      :mozilla.151:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
      C:\Documents and Settings\vero\Cookies\vero@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.


      Fin du rapport
      0