Sujet Précédent Sujet Suivant

Gros probleme warning spyware

Résolu
gaetan621 -  
 Utilisateur anonyme -
Bonjour,mon problème et que en fond écran j ai le message suivant:
warning spyware threat has been detected on you pc
merci de m aider
A voir également:

8 réponses

Réponse 1 / 8
Utilisateur anonyme
 
Je suis désolé mais tu n'as pas bien paramétré AVG.

Tu ouvres AVG Anti Spyware.

Tu cliques sur la loupe (Analyser)

Tu cliques sur l'onglet Paramètres

en dessous de Définir l'action par défaut pour les logiciels malveillants détectés


Tu as une ligne bleue soulignée qui est Actions recommandées

Tu cliques dessus et tu cliques sur Quarantaine qui doit s'afficher en bleu gras souligné.

Tu refermes fenêtre principal

Et tu recommence un scan complet en mode sans échec.

Désolé mais là tu n'as fait qu'un scan sans rien supprimer des bestioles trouvées (il y en a).

Je sais c'est long, il est important de bien lire tout ce qui est écrit, chaque mot à son importance.

_
1
gaetan621
 
bonsoir booddha j ai refait deux fois le scane j ai tous suprimer il n y a plus rien je ne peut pas te dire merci
je le pense tres fort tu ma apporte une tres bonne aide encore heureu qu il y a despersonne comme toi bonne nuit trop bien l equipe
0
Réponse 2 / 8
Utilisateur anonyme
 

Bonjour/Bonsoir
• Ne pas surfer ailleurs que sur le site
• Couper MSN ou tout autre connexion hormis celle sur le site
• Appliquer exactement et dans l'ordre les procédures indiquées.
• Au cas ou plusieurs intervenants se manifestent, en choisir un et un seul.

• Rester devant la machine en rafraichissant souvent le forum pour voir les nouvelles réponses.
• Répondre sans attendre à toutes les questions posées dans l'ordre ou elles ont étés posées
• Soyez précis dans vos réponses. Tenez vous en au sujet et rien qu'au sujet.
• A proscrire : le language SMS.

• Ne pas quitter tant qu'il n'est pas dit explicitement que le problème est résolu ou qu'il
dépasse les compétences de celui ou ceux qui vous aident.
• N'ouvrez pas plusieurs discussions sur le même sujet sauf si on vous le demande
(Problème non résolu. Ca arrive)

• Ne pas s'impatienter. L'analyse d'un rapport et la recherche de solutions
appropriées prends un certain temps.
Inutile donc de reposter le même message. Nous ne vous oublions pas,
nous vous cherchons une solution

• Ne pas oublier : nous sommes bénévoles.
Nous mangeons, nous dormons, nous travaillons, nous avons une vie de famille aussi.


Préalable
• Vider la corbeille
• Fermer toutes les applications

================ PareFeu XP - Vista ===================
• Si un autre pare-feu que celui de windows est installé, vérifier qu'il est actif et passer à l'étape CCleaner

• Sinon

pour activer/désactiver le Pare-feu Vista
pour activer/désactiver le Pare-feu Xp le Pare-feu Vista

• Activer le pare-Feu si ce n'est déjà fait

===================== CCLEANER ========================

Nettoyage avec CCleaner
On va commencer par faire un peu le ménage

• Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.

• Fermer toutes les applications
• Lancer CCLeaner
S'il n'est pas en Français cliquer sur Options, Setting, Language
et sélectionner Français
• cocher dans le menu Nettoyeur - onglet Windows :
Internet Explorer: Fichiers Internet Temporaires, Cookies
• Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
• Avancé: Vieilles données du Prefetch
• Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
• Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
• Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
Firefox/Mozilla: Cache Internet, Cookies
• Click sur Analyse
• Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
• Click sur Registre
• Sélectionner tout
• Click sur Chercher des erreurs (En bas)

Une fois le scan terminé sélectionner tout
• Click sur Réparer les erreurs sélectionnées

==================== HIJACKTHIS ======================

HijackThis

• Télécharger HijackThis
• Installer HijackThis en se laissant guider

• Renommer HijackThis.exe en Monjack.exe <== I M P O R T A N T

• Fermer toutes les applications
• Lancer hitjackthis
• Click sur Do a system scan and save a logfile
• Copier/Coller le rapport dans le prochain message
• Attendre la suite
_
0
Réponse 3 / 8
gaetan621 Messages postés 10 Statut Membre
 
il faut que j attend la suite la j ai hijacktis bloc note
0
Utilisateur anonyme
 
Attendre la suite c'était après avoir copier/coller le rapport sur le forum.
0
Réponse 4 / 8
Utilisateur anonyme
 
Selectionne tout ce qu'il ya dans le bloc note

Click droit --> copier

Et tu fais click droit dans le prochain message sur le forum et coller.

_
0
gaetan621 Messages postés 10 Statut Membre
 
mon mon mon mon Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:31:28, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [e0724bdb] rundll32.exe "C:\WINDOWS\system32\ehgsbpgo.dll",b
O4 - HKLM\..\Run: [BMe3417847] Rundll32.exe "C:\WINDOWS\system32\mphswkfb.dll",s
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S4.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 8
gaetan621 Messages postés 10 Statut Membre
 
il faut que j attend la suite la j ai hijacktis bloc note
mon mon mon mon Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:31:28, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [e0724bdb] rundll32.exe "C:\WINDOWS\system32\ehgsbpgo.dll",b
O4 - HKLM\..\Run: [BMe3417847] Rundll32.exe "C:\WINDOWS\system32\mphswkfb.dll",s
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S4.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 6 / 8
Utilisateur anonyme
 
A première vue tu as 4 types d'infections différentes.
On va blinder la machine. Et on verra ce qu'il reste après.

=============== DESINSTALLER AVAST ==================

desintaller avast qui est une vrai passoire via le lien ci dessous

desintal Avast

===================== ANTIVIR ========================

Télécharger ANTIVIR qui est un antivirus gratuit

Suivre la procédure jusqu'au bout. En cas de doute demander

Procédure d'installation

Pour les réglages

------
• Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
• Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

• Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
• Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
• Faire une analyse complète de la machine

En fin de scan ( qui est assez long)
• Clic Sauvegarder REPORT puis Enregistrer sous et choisir bureau
-------
• Relancer la machine en mode normal
• Copier/coller le rapport ici

================ AVG ANTI-SPYWARE ===================
Gratuit
Merci à ep44 pour ce mode explicatif
Télécharger:
AVG-AntiSpyware
• Installer
• Le lancer
• Click : Mise à jour
------
• Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
• Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

• Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
• Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
• Dans ANALYSE ( en forme de loupe )
• Paramètres ==> sous COMMENT REAGIR==>click sur Actions recommandées ==>Quarantaine
• Click : Analyse complète du système

En fin de scan ( qui est assez long)
• Clic Appliquer toutes les actions <== ceci Très important
• Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
• Relancer la machine en mode normal
• Copier/coller le rapport ici + un rapport Hijackthis

Cette procédure est assez longue. Tu n'es pas obligé de rester devant le PC pendant ce temps là. On finira demain si tu veux bien. Je ne serai pas là dans la journée.

Si tu peux fait les différentes procédures, poste les rapports.

Si tu as le moindre doute. Poste ici ce qui t'arrête, je répondrai demain.

_
0
gaetan621 Messages postés 10 Statut Membre
 
AntiVir PersonalEdition Classic
Report file date: mercredi 19 mars 2008 11:27

Scanning for 1157825 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: vero
Computer name: UNICORNI-1246DA

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 01:11:04
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 01:11:04
ANTIVIR3.VDF : 7.0.3.49 297472 Bytes 18/03/2008 01:11:04
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 01:11:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 01:11:04
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 19 mars 2008 11:27

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'antivir_workstation_win7u_en_h.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
17 processes with 17 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!

Starting to scan the registry.
C:\WINDOWS\system32\WLCtrl32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.lkz.9
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\WLCtrl32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.lkz.9

The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\afrpctiaf.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4853026e.qua'!
C:\WINDOWS\system32\atedlewz.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484602c1.qua'!
C:\WINDOWS\system32\azzltuhh.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485b02d5.qua'!
C:\WINDOWS\system32\bbzvold.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485b02c0.qua'!
C:\WINDOWS\system32\bjiywmjnm.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484a02ce.qua'!
C:\WINDOWS\system32\bkvdrnwx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '485702d1.qua'!
C:\WINDOWS\system32\boofskepl.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485002d9.qua'!
C:\WINDOWS\system32\bzxdcansn.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48590302.qua'!
C:\WINDOWS\system32\cbtnpkpy.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '485502f0.qua'!
C:\WINDOWS\system32\cmgppdspou.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48480303.qua'!
C:\WINDOWS\system32\cpgyhkf.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4848030d.qua'!
C:\WINDOWS\system32\csujpfcxhe.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48560314.qua'!
C:\WINDOWS\system32\cxhiefyhqs.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4849031c.qua'!
C:\WINDOWS\system32\dcluopjj.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484d0313.qua'!
C:\WINDOWS\system32\derlywm.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48530318.qua'!
C:\WINDOWS\system32\dgdaipd.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4845031e.qua'!
C:\WINDOWS\system32\djjrkqd.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484b0326.qua'!
C:\WINDOWS\system32\djlyvr.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484d0328.qua'!
C:\WINDOWS\system32\dysafmkk.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48540344.qua'!
C:\WINDOWS\system32\edfyckga.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48470333.qua'!
C:\WINDOWS\system32\eotsqayfn.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48550341.qua'!
C:\WINDOWS\system32\ewuanjkdj.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48560352.qua'!
C:\WINDOWS\system32\eyrdejsrqa.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48530358.qua'!
C:\WINDOWS\system32\fjhoakdfn.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4849034d.qua'!
C:\WINDOWS\system32\fonvthjsb.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.KX.3
[INFO] The file was moved to '484f0355.qua'!
C:\WINDOWS\system32\fwwpnh.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48580361.qua'!
C:\WINDOWS\system32\georxa.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4850035b.qua'!
C:\WINDOWS\system32\ggozaexsfd.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4850035f.qua'!
C:\WINDOWS\system32\gokqybh.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484c0369.qua'!
C:\WINDOWS\system32\gtcxuwzvy.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48440371.qua'!
C:\WINDOWS\system32\gwpotdjgs.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48510377.qua'!
C:\WINDOWS\system32\hhrejlws.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4853036b.qua'!
C:\WINDOWS\system32\hsjfwdqh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484b0379.qua'!
C:\WINDOWS\system32\hvytcdkan.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485a0380.qua'!
C:\WINDOWS\system32\iaokqdbs.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4850036e.qua'!
C:\WINDOWS\system32\ijdptzc.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4845037e.qua'!
C:\WINDOWS\system32\ikpwqgnsr.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48510382.qua'!
C:\WINDOWS\system32\imloxrpo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484d0388.qua'!
C:\WINDOWS\system32\jsplrndff.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48510398.qua'!
C:\WINDOWS\system32\knjxjuqi.VIR
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484b0398.qua'!
C:\WINDOWS\system32\lhlvsw.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484d0397.qua'!
C:\WINDOWS\system32\lkopjgfae.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4850039d.qua'!
C:\WINDOWS\system32\lsgujzxtj.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484803aa.qua'!
C:\WINDOWS\system32\lwdvdxrc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484503b1.qua'!
C:\WINDOWS\system32\melpjzq.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484d03a8.qua'!
C:\WINDOWS\system32\mjvpqob.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485703b2.qua'!
C:\WINDOWS\system32\mljjk.VIR
[DETECTION] Is the Trojan horse TR/Vundo.DZL
[INFO] The file was moved to '484b03b6.qua'!
C:\WINDOWS\system32\mphswkfb.VIR
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484903c0.qua'!
C:\WINDOWS\system32\muzudv.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485b03de.qua'!
C:\WINDOWS\system32\mvnwgpjxk.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484f03e1.qua'!
C:\WINDOWS\system32\mwcvdwp.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484403e4.qua'!
C:\WINDOWS\system32\nskfchsy.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484c03e8.qua'!
C:\WINDOWS\system32\nygcuogc.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484803f6.qua'!
C:\WINDOWS\system32\oeramcj.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485303e6.qua'!
C:\WINDOWS\system32\ohevuzbqw.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484603ec.qua'!
C:\WINDOWS\system32\ohfrmurn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484703ee.qua'!
C:\WINDOWS\system32\osljvpmas.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484d03fd.qua'!
C:\WINDOWS\system32\pchptasp.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484903f1.qua'!
C:\WINDOWS\system32\pfirqmujz.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484a03f8.qua'!
C:\WINDOWS\system32\plibgw.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484a0401.qua'!
C:\WINDOWS\system32\prermfrtj.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4846040b.qua'!
C:\WINDOWS\system32\qfnnrwbs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484f0409.qua'!
C:\WINDOWS\system32\qhpphv.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4851040d.qua'!
C:\WINDOWS\system32\qnkcmmg.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484c0416.qua'!
C:\WINDOWS\system32\rsseldxzx.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48540425.qua'!
C:\WINDOWS\system32\ssswlyo.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48540437.qua'!
C:\WINDOWS\system32\stshpqem.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48540441.qua'!
C:\WINDOWS\system32\suwfxrtzxj.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48580444.qua'!
C:\WINDOWS\system32\tmhwuxsh.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48490443.qua'!
C:\WINDOWS\system32\tprxntox.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48530449.qua'!
C:\WINDOWS\system32\tqrbaitz.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4853044c.qua'!
C:\WINDOWS\system32\ukhfgikwu.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4849044c.qua'!
C:\WINDOWS\system32\ulsoenbt.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48540450.qua'!
C:\WINDOWS\system32\uqxkiibkm.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48590459.qua'!
C:\WINDOWS\system32\vavwnne.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4857044e.qua'!
C:\WINDOWS\system32\vnqsyx.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48520460.qua'!
C:\WINDOWS\system32\vuysmi.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485a046a.qua'!
C:\WINDOWS\system32\vwkhhscck.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484c046e.qua'!
C:\WINDOWS\system32\wfpdsvfe.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48510462.qua'!
C:\WINDOWS\system32\WLCtrl32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.lkz.9
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\xapnrmwnc.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48510489.qua'!
C:\WINDOWS\system32\xlhrorumaa.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484904e7.qua'!
C:\WINDOWS\system32\xmxjkq.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '485904eb.qua'!
C:\WINDOWS\system32\xyasiybbtx.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484204fc.qua'!
C:\WINDOWS\system32\yayvvwx.VIR
[DETECTION] Is the Trojan horse TR/Vundo.ecg.1
[INFO] The file was moved to '485a04e6.qua'!
C:\WINDOWS\system32\zjlgfycus.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '484d04fe.qua'!
C:\WINDOWS\system32\zyatkftflx.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48420510.qua'!
C:\WINDOWS\system32\drivers\Yxg81.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ras\slipmenu1.scp
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '484a0654.qua'!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mercredi 19 mars 2008 13:25
Used time: 1:57:59 min

The scan has been done completely.

4071 Scanning directories
160596 Files were scanned
89 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
87 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
160507 Files not concerned
4947 Archives were scanned
4 Warnings
0 Notes
0
gaetan621 Messages postés 10 Statut Membre
 
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:23:40 19/03/2008

+ Résultat de l'analyse:



C:\Program Files\180search assistant -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-57989841-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{80846D97-6BD8-446E-8892-BA244A7F29CB}\RP205\A0024588.exe -> Downloader.Tiny.ali : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@clickbank[2].txt -> TrackingCookie.Clickbank : Aucune action entreprise.
:mozilla.199:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
:mozilla.151:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.


Fin du rapport
0
gaetan621
 
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:23:40 19/03/2008

+ Résultat de l'analyse:



C:\Program Files\180search assistant -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-57989841-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\­Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{80846D97-6BD8-446E-8892-BA244A7F29CB}\RP205\A0024588.exe -> Downloader.Tiny.ali : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@clickbank[2].txt -> TrackingCookie.Clickbank : Aucune action entreprise.
:mozilla.199:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
:mozilla.151:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
0
Réponse 7 / 8
Utilisateur anonyme
 
Y a eu du ménage de fait, mais y en reste

Il manque la procédure AVG Anti Spyware.

Revoir le message N° 6 plus haut

N'oublie pas les rapports.

_
0
gaetan621 Messages postés 10 Statut Membre
 
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:23:40 19/03/2008

+ Résultat de l'analyse:



C:\Program Files\180search assistant -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-57989841-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{80846D97-6BD8-446E-8892-BA244A7F29CB}\RP205\A0024588.exe -> Downloader.Tiny.ali : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@clickbank[2].txt -> TrackingCookie.Clickbank : Aucune action entreprise.
:mozilla.199:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
:mozilla.151:C:\Documents and Settings\vero\Application Data\Mozilla\Firefox\Profiles\qheg6cdq.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\vero\Cookies\vero@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.


Fin du rapport
0
Réponse 8 / 8
Utilisateur anonyme
 
Remet un rapport HijackThis

_
0

Discussions similaires

Cpu fan fail
Mistik -
Bobo -

2 réponses
Warning : your computer CHIP Fan Fail or spee
Lalane -
oufben08 -

16 réponses
Message " Your chassis has been opened"
tophe70 -
Anonyme -

14 réponses
Symbole Attention dans Word
Nortec59 -
LOUL7619 -

33 réponses